Cybercrime Can Eliminate all Potential Patent Protection for any of Your Products, Research, and Development

May 14, 2018

I. INTRODUCTION

Imagine your business is looking to obtain a patent on a drug that is still in the process of being perfected. You are not ready to file a non-provisional patent application, but you have obtained a patentability search, and believe that the drug is patent-eligible. All that remains is the perfection of the drug, and your business should easily be able to obtain a patent. A couple months go by, and you are contacted by your office manager. He informs you that your system has been hacked, and that all of the data and information regarding the drug on your computers has been stolen. Will this cyber-attack harm your chances at obtaining a patent. Absolutely!!!!

Today, cybercrime is at an all-time high.[1] Cybercrime is expected to cost the world $6 trillion by 2021, up from $3 trillion in 2015.[2] This includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.[3] It has been demonstrated that hacking is not a difficult thing to do. In May 2017, the WannaCry ransomware attack infected more than 200,000 computers in over 150 countries, scrambling information on people’s computers for “ransom,” and if the ransom was not paid, the information would be permanently deleted.[4] In one of the biggest data breaches to hit a U.S. retailer, Target had reported that hackers stole data from up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season.[5] In 2013, the Yahoo hack affected every single customer account that existed at the time — three billion accounts.[6]

With cybercrime being such a major issue, inventors must be vigilant in protecting their intellectual property, especially if they are seeking patent protection. In particular, they must be concerned about fulfilling the requirement of novelty.

Let’s examine how a cyber-attack can eliminate all possibility of you obtaining a patent.

Part II of this article provides a brief overview of historical and modern United States patent law. Part III of this article discusses the novelty requirement set forth for obtaining a patent in 35 U.S.C. § 102, and explain the legal landscape of what situations may bar the fulfilment of the novelty requirement. Part IV of this article provides an overview of cybercrime in the United States, and the most prevalent types of cybercrime. Part V of this article proposes steps that you can take to avoid losing all your data and intellectual property rights.

II. UNITED STATES PATENT LAW

a. Historical Origins: The Constitution and the Patent Act of 1790

The promotion of patents has long been emphasized in the history and formation of the United States. Congressional power to grant patents is authorized from Art. I, Sec. 8, Clause 8 of the United States Constitution, also known as the Intellectual Property Clause.[7] The Clause reads, “[t]he Congress shall have power to…promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries.”[8] The inclusion of this Clause into the Constitution, a document not generally known for specificity, demonstrates the founding fathers’ stance on the importance of intellectual property.[9] In addition, the only use of the word “right” in the United States Constitution is in reference to authors and inventors being granted exclusive rights.[10]

James Madison, who is often referred to as the “Father of the Constitution,” stated at the beginning of Federalist Paper No. 43, “[t]he utility of [Art. I, Sec. 8, Clause 8] will scarcely be questioned…. The right to useful inventions seems with equal reason to belong to the inventors.”[11] In his first ever State of the Union in 1790, President George Washington devoted a passage to patents:

The advancement of agriculture, commerce, and manufactures by all proper means will not, I trust, need recommendation; but I cannot forbear intimating to you the expediency of giving effectual encouragement as well to the introduction of new and useful inventions from abroad as to the exertions of skill and genius in producing them at home, and of facilitating the intercourse between the distant parts of our country by a due attention to the post-office and post-roads. Nor am I less persuaded that you will agree with me in opinion that there is nothing which can better deserve your patronage than the promotion of science and literature.[12]

Congress responded to President Washington’s State of the Union by enacting the Patent Act of 1790, which was the third law ever passed by Congress.[13] Nothing in the Constitution requires that Congress actually award protection in the form of patents.[14] The Supreme Court has stated,
“…the enabling provision of Clause 8 does not require that Congress act in regard to all categories of materials which meet the constitutional definitions.”[15] Even so, Congress has consistently chosen to grant patents ever since the Patent Act of 1790.[16]

b. Modern Patent Law: Patent Act of 1952 and the Leahy–Smith America Invents Act (AIA)

The Patent Act of 1952 codified the laws relating to patents and enacted into law title 35 of the United States Code entitled “Patents.”[17] Reforms and improvements were made in 2011 through the passage of the Leahy-Smith America Invents Act (“AIA”).[18] Modern patent law in the United States is found in Title 35 of the United States Code, most notably, Part II, Chapter 10, Sections 101-103.[19] Section 101 provides a framework for what kind of inventions qualify to be patented.[20] Sections 102 and 103 delve into the conditions of novelty and non-obviousness.[21] In sum, these sections lay out the basic framework for obtaining a patent in the United States: to receive a patent, an invention must be of patent-eligible subject matter, novel, useful, and nonobvious.

III. THE NOVELTY REQUIREMENT

The novelty requirement is derived from 35 U.S.C. § 101. The statutory language of § 101 states that “[w]hoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.”[22] From this language, it is understood that an invention or discovery must be new, also known as “novel.”[23]

a. Pre-AIA Novelty

Prior to the implementation of the AIA, the United States Patent system was a “first-to-invent” system.[24] Under the “first-to-invent” system, “[t]he first inventor is entitled to the benefit of his invention…and a subsequent inventor cannot, by obtaining a patent therefore, oust the first inventor of his right, or maintain an action against him for the use of his own invention.”[25] In other words, subsequent inventors could not obtain a patent even if they filed first. Any application filed before March 16, 2013 is governed by pre-AIA 35 U.S.C. § 102.[26]

Pre-AIA 35 U.S.C. 102(a) states that “a person shall be entitled to a patent unless the invention was known or used by others in this country…or described in a printed publication in this or a foreign country, before the invention thereof by the applicant for patent.”[27] Pre-AIA 35 U.S.C. 102(b) states that “a person shall be entitled to a patent unless the invention was…described in a printed publication in this or a foreign country, or in public use…in this country, more than one year prior to that date of the application for patent in the United States.”[28]

b. AIA Novelty

The AIA switched the United States Patent system from a “first-to-invent” to a “first-inventor-to-file” system on March 16, 2013.[29] Any application filed after March 16, 2013 is governed by post-AIA 35 U.S.C. § 102.[30] Under the new system, the effective filing date of a patent application, instead of the date of invention, determines who wins the race to patent an invention.[31]

AIA 35 U.S.C. § 102(a)(1) states that a person shall be entitled to a patent unless the claimed invention was (i) in public use, or (ii) otherwise available to the public before the effective filing date of the claimed invention.[32]

i. In public use

Under 35 U.S.C. 102(a)(1), there is no geographic limitation on where prior public use or public availability occurs. Furthermore, a public use would need to occur before the effective filing date of the claimed invention to constitute prior art under § 102(a)(1).[33] According to the Manual of Patent Examining Procedure (“MPEP”), the public use provision of AIA 35 U.S.C. 102(a)(1) has the same substantive scope with respect to uses by either the inventor or a third party, as public uses under pre-AIA 35 U.S.C. 102(b).[34]

Under pre-AIA 35 U.S.C. 102(b), the uses of an invention before the patent’s critical date that constitute a “public use” fall into two categories: the use either “(1) was accessible to the public; or (2) was commercially exploited.”[35] Whether a use is a pre-AIA 35 U.S.C. 102(b) public use also depends on who is making the use of the invention.[36] “[W]hen an asserted prior use is not that of the applicant, [pre-AIA 35 U.S.C.] 102(b) is not a bar when that prior use or knowledge is not available to the public.”[37] In other words, a use by a third party who did not obtain the invention from the inventor named in the application or patent is an invalidating use under pre-AIA 35 U.S.C. 102(b) only if it falls into the first category, in that the use was accessible to the public.[38] In addition, an inventor creates a public use bar under pre-AIA 35 U.S.C. 102(b) when the inventor shows the invention to, or allows it to be used by, another person who is “under no limitation, restriction, or obligation of confidentiality” to the inventor.[39]

Under pre-AIA 35 U.S.C. 102(a), “in order to invalidate a patent based on prior knowledge or use” by another in this country prior to the patent’s priority date, “that knowledge or use must have been available to the public.”[40] Patent-defeating “use,” under pre-AIA 35 U.S.C. 102(a) includes only that “use which is accessible to the public.”[41]

1. Piratical Third-Party Use

An area of some uncertainty is piratical third-party use. Piratical third-party use occurs when an unauthorized third-party, such as a cyber hacker, obtains access to an inventor’s intellectual property and proceeds to expose it to the public. Interestingly, it has been held that third-party piratical use can constitute a public use bar, preventing an inventor from obtaining a patent.[42]

a. Lorenz v. Colgate-Palmolive-Peet Co. (1948)[43]

The Court in Lorenz held that piratical third-party use can constitute public use.[44] In Lorenz, the Court held the Plaintiff’s patent void due to prior public use, even though the prior user stole the substance of Plaintiff’s previous abandoned patent application to use in his own patent application.[45] The Court held:

[w]e think that Congress intended that if an inventor does not protect his discovery by an application for a patent within the period prescribed by the Act, and an intervening public use arises from any source whatsoever, the inventor must be barred from a patent or from the fruits of his monopoly, if a patent has issued to him. There is not a single word in the statute which would tend to put an inventor, whose disclosures have been pirated, in any different position from one who has permitted the use of his process. [46]

Referencing precedent, the Court noted that in Andrews v. Hovey,[47] the Supreme Court noted that it was Congress’s intent that a patent should be held to be invalid without regard to the consent or allowance of the inventor, if there had been a prior public use.[48] Holding strictly to the law, the Court in Lorenz concluded by stating “it is apparent that if fraud or piracy be held to prevent the literal application of the prior-public-use provision a fruitful field for collusion will be opened and the public interest…will suffer.”[49]

b. Post-Lorenz

Lorenz was decided in 1948. Even so, there is no indication that its holding is no longer applicable. In a 2013 case, Delano Farms Co. v. California Table Grape Comm’n,[50] Plaintiffs Delano Farms Company, Four Star Fruit, Inc., and Gerawan Farming, Inc. sought to invalidate USDA patents for two varieties of table grapes under 35 U.S.C. § 102(b) on the grounds that the varieties were in “public use” more than a year before the USDA sought protection.[51]

The relevant facts are as follows. Jim and Jack Ludy were brothers who grew grapes at J & J Ludy farms.[52] Their cousins, Larry Ludy and Don Ludy, farmed nearby.[53] In August 2001, Jim and Larry Ludy attended a meeting organized by the California Table Grape Commission to allow growers to provide feedback to the USDA on new selections of table grapes that were still under development.[54] Fruit from the USDA’s Scarlet Royal (“Crimson Killer”) grapevines and Autumn King (“Big White” or “Late White”) grapevines was on display at the meeting.[55] Neither variety had been publicly released by the USDA at that point.[56] Also attending the meeting was Rodney Klassen, the tractor operator at the USDA’s experimental facility and a longtime acquaintance of Jim Ludy.[57] As a tractor driver, Klassen was not authorized to remove plant material from the USDA facility or to provide it to anyone outside the USDA.[58] Ronald Tarailo, assistant to the former director of the USDA’s grape breeding program, specifically instructed Klassen that he was not allowed to remove plant material from the USDA facility.[59] However, Klassen told Jim Judy he would get him some of the unreleased plant material.[60] Later, Jim Ludy and Klassen arranged to meet at a farm show, where Klassen provided Ludy with a paper bag containing cuttings that he had taken from the USDA facility.[61] Ludy knew that he was receiving unreleased USDA selections, and understood he should keep the plant material secret. Both plant varieties were eventually cultivated on property owned by the Ludy’s.[62]

The USDA motioned for summary judgement, arguing that the Ludy’s uses of the patented varieties fail to trigger the public use bar as a matter of law because “the law will not recognize as a ‘public use’ the use of an improperly obtained invention by someone with actual or constructive knowledge that the invention was improperly obtained.”[63] The Court ultimately denied the USDA’s motion, citing a vast amount of precedent. The Court first pointed to the Lorenz holding, as already stated above:

[i]f an inventor does not protect his discovery by an application for a patent within the period prescribed by the Act, and an intervening public use arises from any source whatsoever, the inventor must be barred from a patent or from the fruits of his monopoly, if a patent has issued to him. There is not a single word in the statute which would tend to put an inventor, whose disclosures have been pirated, in any different position from one who has permitted the use of his process”[64]

It next examined Evans Cooling Systems, Inc. v. General Motors Corp.[65] In Evans, John Evans urged the Federal Circuit to create a new exception to the on-sale bar that an otherwise invalidating offer for sale does not invalidate a patent “where a third party surreptitiously steals an invention while it is a trade secret and then, unbeknownst to the inventor, allegedly puts the invention on sale [more than one year] before the inventor files a patent application covering the stolen invention.”[66] The Court declined to create a new exception to the on-sale bar, noting that the Third Circuit declined to create an exception to the statutory bar in Lorenz, again citing the quote from above.[67] The Evans Court did note that Evans would not be without recourse if GM in fact misappropriated his invention; “Evans would have an appropriate remedy in state court for misappropriat[ion] of a trade secret.”[68]

The USDA in Delano still urged the Court to create an exception to the public use bar.[69] The Court declined to do so because “the bulk of the available authority…suggests creating such an exception would be inappropriate.” [70] Thus, according to Delano, the holding from Lorenz is still applicable: piratical third-party use can constitute public use.[71]

2. Number of users

The Court in Egbert v. Lippmann[72] held that public use of an invention by only one person is sufficient to be considered a public use, even where the usage of the invention is not visible to the general public.[73] In Egbert, Samuel Barnes invented a new type of corset-steel which made corsets sturdier.[74] He gave one to his wife who used it for a number of years.[75] Eleven years after inventing the corset-steel, Barnes applied for and received a patent. Later, Lippmann began manufacturing corsets with the same corset-steel that Barnes invented.[76] Lippmann was sued for patent infringement.[77]

The Supreme Court held that Barnes’s patent was invalid because his invention was in public use.[78] This public use happened to be his wife’s use of the invention.[79] According to the Court, Barnes relinquished control over his invention when he gave it to his wife as he had no intention of keeping the corset-steels a secret when he handed them over to her.[80] Thus, based on the holding in Egbert, even if one person uses an invention, it will count as public use and bar patentability.[81]

ii. Otherwise available to the public

AIA § 102(a)(1) provides a “catch-all” provision, specifically, a claimed invention is not entitled to a patent if it was “otherwise available to the public” before its effective filing date.[82] This “catch-all” provision permits decision makers to focus on whether the disclosure was “available to the public,” rather than on the means by which the claimed invention became available to the public or whether a disclosure constitutes a “printed publication” or falls within another category of prior art as defined in § 102(a)(1).[83]

The availability of the subject matter to the public may arise in situations such as a student thesis in a university library;[84] a poster display or other information disseminated at a scientific meeting;[85] subject matter in a laid-open patent application or patent;[86] a document electronically posted on the Internet;[87] or a commercial transaction that does not constitute a sale under the Uniform Commercial Code.[88] Even if a document or other disclosure is not a printed publication, or a transaction is not a sale, either may be prior art under the “otherwise available to the public” provision of AIA 35 U.S.C. 102(a)(1), provided that the claimed invention is made sufficiently available to the public.[89]

IV. CYBERCRIME IN THE UNITED STATES

Cybersecurity should be an issue of importance and concern for inventors seeking patent protection.[90] From 2014 to 2015, there were major cyber incidents at JPMorgan Chase, Home Depot, Staples, eBay, Neiman Marcus, Dairy Queen, Community Health Systems, Carefirst Blue Cross, Anthem, UPS, Las Vegas Sands Corp., Yahoo, Google, American Airlines, Office of Personnel Management, IRS, and Sony.[91] An official from the Department of Homeland Security stated at a conference in March 2014 that when he was briefed at DHS that morning, there were 230 cyber incidents over the preceding 24 hours.[92] The same official stated the agency had 240,000 incidents reported to it in 2013, and at least 12,000 “actionable reports,” an increase of 60 percent from the previous year.[93] A report was mentioned to the effect that “[t]he FBI and the Department of Homeland Security have notified 3,000 companies that their systems have been breached just in the course of 2013.”[94]

The Worldwide Threat Assessment of the U.S. Intelligence Community reported an increase in “malevolent cyber activity” in 2014.[95] In this report the Director of National Intelligence states that “[d]uring 2014, we saw an increase in the scale and scope of reporting on malevolent cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information (PII) compromised, or remediation costs incurred by U.S. victims.”[96]

About 25 percent of all cyber incidents in 2014 involved the finance and insurance sectors of the economy.[97] The Comptroller of the Currency stated that cyber threats are perhaps the foremost risk facing banks today.[98] Recent headlines such as “CIA Director Is Said to be Hacked”[99] and “Hackers Penetrate NASDAQ Computers”[100] illustrate how prevalent the issue of cybersecurity is.

There are multiple types of cybersecurity threats that inventors should be concerned and aware of. The most common types inventors should be aware of are (a) malware, (b) phishing, and (c) insider threats.

a. Malware

“Malware” is short for malicious software, and refers to various forms of harmful software, such as ransomware, rootkits, and spyware. Once a hacker infects your computer with malware, they can take control of your machine, monitor your actions and keystrokes, or send confidential data from your computer or network to theirs.

i. Ransomware

Ransomware is a form of malware that holds a computer system captive while demanding a ransom.[101] The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.[102] Ransomware typically spreads on a computer via a downloaded file or through some other vulnerability in a network service.[103]

ii. Rootkit

A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs.[104] Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software, install concealed malware, or control the computer as part of a botnet.[105] Rootkit prevention, detection, and removal can be difficult due to their stealthy operation.[106] Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits.[107] As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis.[108] Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.[109]

iii. Spyware

Spyware is a type of malware that functions by spying on user activity without their knowledge.[110] These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.[111] Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections.[112] Spyware spreads by exploiting software vulnerabilities, bundling itself with legitimate software, or in Trojans.[113]

b. Phishing

Phishing is a cyber-attack that uses disguised email as a weapon.[114] The goal is to trick the email recipient into believing that the message is something they want or need, such as a message from a colleague in their company, and to click a link or download an attachment.[115]

What really distinguishes phishing is the form the message takes. The attacker pretends to be a trusted entity, often a real or plausibly real person, or a company the victim might do business with.[116] It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.[117]

The availability of phishing kits makes it easy for cyber criminals, even those with minimal technical skills, to launch phishing campaigns.[118] A phishing kit bundles phishing website resources and tools that need only be installed on a server.[119] Once installed, all the attacker needs to do is send out emails to potential victims.[120] Phishing kits as well as mailing lists are available on the dark web.[121] A couple of sites, Phishtank and OpenPhish, keep crowd-sourced lists of known phishing kits.[122]

c. Insider Threats

Insider threat is a generic term for a threat to an organization’s security or data that comes from within.[123] Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.[124] Among 874 incidents, as reported by companies to the Ponemon Institute for its recent 2016 Cost of Insider Threats Study, 568 were caused by employee or contractor negligence; 85 by outsiders using stolen credentials; and 191 by malicious employees and criminals.[125] Insider threats can take many forms, but threats can be categorized as either malicious or accidental.[126]

Accidental threats refer to situations in which damage or data loss occurs as a result of an insider who has no malicious intent.[127] For example, an employee might accidentally delete an important file, fall victim to a phishing attempt or inadvertently share more data with a business partner than is consistent with company policy or legal requirements.[128]

Malicious threats refer to deliberate attempts by an insider to access and potentially harm an organization’s data, systems or IT infrastructure.[129] These types of insider threats are often attributed to disgruntled employees or ex-employees who believe that the organization wronged them in some way, and therefore feel justified in seeking revenge.[130] Insiders may also become threats when they are subverted by malicious outsiders, either through financial incentives or through extortion.[131]

Although not as common, a malicious insider can also be an employee of a rival company or a member of an activist organization that opposes the organization.[132] In these situations, the attacker infiltrates the company, either by seeking employment or by posing as an employee, vendor, delivery courier or other trusted third-party.[133] Once the actor gains physical access to the facility, they look for ways to carry out an attack.[134]

A recent example of an insider threat is the lawsuit between Waymo, formerly Google’s self-driving car unit, and Anthony Levandowski.[135] It accuses him of stealing 14,000 confidential files about Waymo’s self-driving technology, including detailed designs of proprietary circuit boards and the laser ranging LiDAR systems, when he was employed there.[136] After covering his tracks, the lawsuit alleges, Levandowski pocketed a multimillion-dollar payout from Google and, using the secrets he had just stolen, promptly set up a new company, Otto, which was acquired shortly after by Uber for around $680m.[137]

V. HOW TO SAVE YOUR DATA AND YOUR INTELLECTUAL PROPERTY

If a hacker discloses your intellectual property and proprietary data then you may have just lost all potential patent rights in your research and development. Case law seems to suggest that even piratical third-party use can constitute public use under 35 U.S.C. § 102(a)(1), which would mean the requirement of novelty cannot be fulfilled.[138] Even if case law does not suggest this, an argument could be made that improper cybersecurity measures were not taken to protect one’s invention from a cyber-attack, and thus the inventor constructively allowed for the invention to be in “public use” because it was “available” to the public.[139]

The AIA was adopted into law in 2011, bringing reform and improvements to the already existing patent laws in the United States. However, it seems that at the time of the adoption of the AIA, cybercrime was not taken into consideration as a factor for exception under the public use bar. Currently, the exceptions listed in 35 U.S.C. § 102(b)[140] seem inadequate to address the issue of piratical third-party use, such as cybercrime. In sum, the text of § 102(b) appears to only offer a one-year grace period for actual and constructive disclosures made by inventors themselves. If the law allows for a one-year grace period for disclosures made by the inventor themselves, then why not at least a one-year grace period for disclosures made by unauthorized third-parties? It might be prudent to reexamine § 102(b) and add an exception for piratical-third party use. If large companies such as Yahoo and JPMorgan can be hacked, it should be of no surprise that anyone else’s system can be hacked as well. It seems antithetical to the intent of our founders and the overall policy of encouraging innovation and rewarding inventors for their discoveries, to deny an inventor, who by no fault of their own has their invention stolen, their Constitutional right to benefit from their labor by excluding others from making, using, or selling their invention.[141]

HOW CAN YOU PROTECT YOURSELF? The strategy should be proactive prevention. A reactive approach will likely yield an unwanted result for your business given the current legal landscape. There are a couple strategies you should adopt to prevent a situation like this from ever happening. First, at the outset make sure to inform your employees and vendors about the importance of proper cybersecurity practices. Inform them about the public use bar and how piratical third-party use can destroy your chances at obtaining a patent. Advise them on the different types of cybercrimes discussed above and how your intellectual property, and their employment, can be at risk if proper cybersecurity measures are not taken. Second, recommend they file provisional patent applications as soon as possible. A provisional patent application secures an application filing date and provides an additional year to experiment and perfect an invention before filing a non-provisional application. Thus, if your intellectual property is stolen after you have filed a provisional application, the release of that information to the public cannot be used to destroy your intellectual property rights.

VI. CONCLUSION

Based on the current legal landscape,[142] and the prevalence and commonality of cybercrime,[143] it is critical to adopt an aggressive use of provisional patent applications for products still in development and to promptly file patent applications for those products as soon as possible. It is crucial to seek legal guidance at the outset, rather than wait until there is a problem. At the same time, it is important for you to advise your employees on the importance of maintaining proper cybersecurity.

Eric Manski is a specialist in intellectual property at Garcia-Zamor Intellectual Property Law, LLC. He is currently pursuing his Juris Doctorate at the University of Maryland Francis King Carey School of Law in Baltimore, Maryland. He received his Bachelor of Science degree in Information Systems from the Robert H. Smith School of Business at the University of Maryland, College Park. Mr. Manski primarily focuses on business entity formation, copyrights and patents, mainly in the fields of computer sciences and mechanical technologies.

If you have any questions regarding: protecting your research and development, protecting new and recent products, responding to patent office actions, prosecuting your patent application, conducting interviews with patent examiners, branding, trademarks, patent planning or other intellectual property matters, please contact Garcia-Zamor Intellectual Property Law, LLC.

References

[1] Marc Wilczek, Widespread cybercrime costs reaching $11.7 million on average per organization, CIO,  https://www.cio.com/article/3229127/cyber-attacks-espionage/widespread-cybercrime-costs-reaching-almost-12-million-on-average-per-organization.html.

[2] Steve Morgan, Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021, CSO https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html.

[3] Id.

[4] Security Response Team, What you need to know about the WannaCry Ransomware, Symantec, https://www.symantec.com/blogs/threat-intelligence/wannacry-ransomware-attack.

[5] Reuters, Target Settles 2013 Hacked Customer Data Breach For $18.5 Million, NBC, https://www.nbcnews.com/business/business-news/target-settles-2013-hacked-customer-data-breach-18-5-million-n764031.

[6] Selena Larson, Every single Yahoo account was hacked – 3 billion in all, CNN, http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html.

[7] U.S. Const. art. I, § 8, cl. 8.

[8] Id.

[9] Gene Quinn, Patents, Copyrights and the Constitution, Perfect Together, IPWatchdog, http://www.ipwatchdog.com/2018/02/19/patents-copyrights-constitution/id=93941/.

[10] Id.

[11] The Federalist No. 43 (James Madison).

[12] George Washington, President of the United States, State of the Union Address (January 8, 1790)

(emphasis added).

[13] Quinn, supra note 9.

[14] Id.

[15] Goldstein v. California, 412 U.S. 546, 562 (1973).

[16] Quinn, supra note 9.

[17] 35 U.S.C. § 100 et seq. (2012).

[18] Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284 (2011).

[19] 35 U.S.C. § 101-03 (2012).

[20] Id. § 101.

[21] Id. § 102-03.

[22] 35 U.S.C. § 101 (emphasis added).

[23] Id. Based on the word “new” in the statutory language.

[24] John Villasenor, March 16, 2013: The United States Transitions to A ‘First-Inventor-To-File’ Patent System, Forbes, https://www.forbes.com/sites/johnvillasenor/2013/03/11/march-16-2013-america-transitions-to-a-first-inventor-to-file-patent-system/#4c1834d53324.

[25] Woodcock v. Parker, 30 F. Cas. 491, 492 (D. Mass, 1813).

[26] Villasenor, supra note 24.

[27] 35 U.S.C. § 102(a) (amended by Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284 (2011)).

[28] 35 U.S.C. § 102(b) (amended by Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284 (2011)).

[29] Finnegan Henderson, America Invents Act Changes, https://www.finnegan.com/images/content/1/1/v2/116002/finnegan-america-invents-act-changes-brochure.pdf.

[30] Id.

[31] Id.

[32] 35 U.S.C. § 102(a)(1).

[33] Id.

[34] Manual of Patent Examining Procedure (“MPEP”) § 2152.02(c), Ninth Edition, Revision 08.2017, Last Revised January 2018.

[35] See American Seating Co. v. USSC Group, Inc., 514 F.3d 1262, 1267 (Fed. Cir. 2008); MPEP § 2133.03(a).

[36] MPEP § 2152.02(c).

[37] See Woodland Trust v. Flowertree Nursery, Inc., 148 F.3d 1368, 1371, (Fed. Cir. 1998).

[38] See MPEP § 2133.03(a), subsection II.C.

[39] See American Seating, 514 F.3d at 1267; MPEP § 2133.03(a), subsection II.B.

[40] See Woodland Trust, 148 F.3d at 1370; MPEP § 2132, subsection I.

[41] Id. (quoting Carella v. Starlight Archery, 804 F.2d 135 (Fed. Cir. 1986).

[42] See infra.

[43] Lorenz v. Colgate-Palmolive-Peet Co., 167 F.2d 423 (3rd Cir. 1948).

[44] Id.

[45] Id.

[46] Id. at 429.

[47] 123 U.S. 267 (1887).

[48] Lorenz, 167 F.2d at 429 (citing Andrews, 123 U.S. at 270-71).

[49] Id. at 430.

[50] 940 F.Supp.2d 1229 (E.D. California., 2013).

[51] Id. at 1233.

[52] Id. at 1235.

[53] Id.

[54] Id.

[55] Id.

[56] Delano, 940 F.Supp.2d at 1235.

[57] Id.

[58] Id.

[59] Id.

[60] Id.

[61] Id.

[62] Delano, 940 F.Supp.2d at 1236.

[63] Id. at 1239.

[64] Id. at 1240 (citing Lorenz, 167 F.2d at 429).

[65] 125 F.3d 1448 (Fed.Cir.1997).

[66] Id. at 1452.

[67] Id. at 1453.

[68] Id. at 1454.

[69] Delano, 940 F.Supp.2d at 1242.

[70] Id.

[71] Delano, 940 F.Supp.2d 1229

[72] 104 U.S. 333 (1881).

[73] Id.

[74] Id. at 334.

[75] Id. at 335.

[76] Egbert, 104 U.S. 333.  

[77] Id.

[78] Id.

[79] Id. at 337-38.

[80] Id.

[81] Egbert, 104 U.S. 333.  

[82] 35 U.S.C. § 102(a)(1).

[83] MPEP § 2152.02(e).

[84] See, e.g., In re Cronyn, 890 F.2d 1158 (Fed. Cir. 1989); In re Hall, 781 F.2d 897 (Fed. Cir. 1986); MPEP § 2128.01, subsection I.

[85] See, e.g., In re Klopfenstein, 380 F.3d 1345 (Fed. Cir. 2004); MPEP § 2128.01, subsection IV.

[86] See, e.g., In re Wyer, 655 F.2d 221, (CCPA 1981); see also Bruckelmyer v. Ground Heaters, Inc., 445 F.3d 1374 (Fed. Cir. 2006).

[87] See, e.g., Voter Verified, Inc. v. Premier Election Solutions, Inc., 698 F.3d 1374 (Fed. Cir. 2012); In re Lister, 583 F.3d 1307 (Fed. Cir. 2009); SRI Int’l, Inc. v. Internet Sec. Sys., Inc., 511 F.3d 1186 (Fed. Cir. 2008); MPEP § 2128.

[88] See, e.g., Group One, Ltd. v. Hallmark Cards, Inc., 254 F.3d 1041 (Fed. Cir. 2001); MPEP § 2133.03(e)(1).

[89] MPEP § 2152.02(e).

[90] Harold S. Bloomenthal and Samuel Wolff, Chapter 24A Chapter 24A. Cybersecurity and the SEC, Going Public and the Public Corporation, 2017.

[91] Id.

[92] Statement of Larry Zelvin, Director of National Cybersecurity and Communications Integration Center, Department of Homeland Security, at Securities and Exchange Commission Cybersecurity Roundtable (“SEC Roundtable”), Mar. 26, 2014, at 0039.

[93] Id.

[94] Statement by Peter Bershar, SEC Roundtable, 0079. See Ellen Nakashima, U.S. Notified 3,000 Companies in 2013 About Cyberattacks, The Washington Post (Mar. 24, 2014).

[95] Director of National Intelligence, Worldwide Threat Assessment of the U.S. Intelligence Community (Feb. 2015), http://www.dni.gov/files/documents/Unclassified_2015_ATA_SFR_-_SASC_FINAL.pdf.

[96] Id.

[97] IBM 2015 Cyber Security Intelligence Index (2015).

[98] S. Orszula, Banks and Cybersecurity from a Regulatory and a Risk Perspective, Inside Counsel, Aug. 20, 2015; See also GAO, Cybersecurity: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information, July 2, 2015.

[99] Damian Paletta, CIA Director’s Private Email Account Was Hacked, News Report Says, The Wall Street Journal, Oct. 20, 2015.

[100] Devlin Barrett, Hackers Penetrate NASDAQ Computers, The Wall Street Journal, Feb. 5, 2011.

[101] Neil DuPaul, Common Malware Types: Cybersecurity 101, Veracode, https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101.

[102] Id.

[103] Id.

[104] Id.

[105] Id.

[106] Id.

[107] DuPaul, supra note 101.

[108] Id.

[109] Id.

[110] Id.

[111] Id.

[112] Id.

[113] DuPaul, supra note 101.

[114] Josh Fruhlinger, What Is Phishing? How This Cyber Attack Works and How to Prevent It, CSO, https://www.csoonline.com/article/2117843/phishing/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html.

[115] Id.

[116] Id.

[117] Id.

[118] Id.

[119] Id.

[120] Fruhlinger, supra note 114.

[121] Id.

[122] Id.

[123] Margaret Rouse, Definition: insider threat, Search Security, https://searchsecurity.techtarget.com/definition/insider-threat.

[124] Id.

[125] Ponemon Institute LLC, 2016 Cost of Insider Threats Benchmark Study of Organizations in the United States (2016).

[126] Rouse, supra note 123.

[127] Id.

[128] Id.

[129] Id.

[130] Id.

[131] Id.

[132] Rouse, supra note 123.

[133] Id.

[134] Id.

[135] Mark Harris, Who is Anthony Levandowski, and why is Google suing him?, The Guardian, https://www.theguardian.com/technology/2017/feb/23/anthony-levandowski-google-uber-self-driving-cars-lawsuit.

[136] Id.

[137] Id.

[138] See supra, Part III.b.i.1.a-b.

[139] See supra, Part III.b.i.

[140] Disclosures made 1 year or less before the effective filing date of the claimed invention.—A disclosure made 1 year or less before the effective filing date of a claimed invention shall not be prior art to the claimed invention under subsection (a)(1) if— (A) the disclosure was made by the inventor or joint inventor or by another who obtained the subject matter disclosed directly or indirectly from the inventor or a joint inventor; or (B) the subject matter disclosed had, before such disclosure, been publicly disclosed by the inventor or a joint inventor or another who obtained the subject matter disclosed directly or indirectly from the inventor or a joint inventor.

[141] See supra, Part II.a.

[142] See supra, Part III.

[143] See supra, Part IV.