Subject: Re: quickly find what applications are affected by RSA
To: None <current-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 09/08/2000 03:43:46
On Fri, Sep 08, 2000 at 08:11:23AM +0100, Alasdair Baird wrote:
> Thor Lancelot Simon writes:
> 
>  > The "clever trick" is ignoring the entire body of statute, regulation, and
>  > precedent relating to contributory patent infringement.  Quite a trick,
>  > huh?
>  > 
>  > Thor
> 
> There is no law here (Britain) to allow the patenting of something as
> intangible as an algorithm.  Indeed I believe the US is pretty unique
> in allowing something as daft as that to occur.  If I implement and use
> the RSA algotithm outside of the US I am in violation of no internationally
> recognised patent law.

So what?  I didn't say you were.  Although I don't care to quibble about
the details, it is a fact that lots of things you wouldn't expect to be
patentable because they're "algorithms" almost certainly are, not just
where I live but where you live as well.  The usual trick is describing
a machine implementing the algorithm that is general enough to proscribe
anyone else from building a practical machine that does so.  Now, you
aren't supposed to be able to do that *anywhere* (the classic example
is that you can't patent rockets that fly to the moon and you're not
supposed to be able to patent rockets that burn fuel (or go "up" or some
other very general property of rockets) and fly to the moon either) but
the examiners manage to screw this up all over the world with great
regularity.  It is unquestionably the case that in the United States,
particularly in the 1980s, the examiners were particularly bad in this
regard and are only slowly getting better.  You can get this kind of
mistake "fixed" only at such tremendous expense (the expense of engaging
in patent litigation, one of the most expensive kinds of litigation there
is) and risk that it's almost never worthwhile to try in any real-world
situation.

In point of fact, however, the RSA patent _did_ issue in England and
was, thank goodness, challenged and ruled invalid.  RSA have never
tried to enforce it anywhere else in the world except the US since
then (I believe they originally designated only the US and EU and
lost rights in the EU when they did in England, but you can find
the full history on the web).  However, in the US nobody ever felt
like really fighting about it in court until very recently, and now
the patent's dead.  Bear in mind that it's highly probable that RSA
settled with several other parties rather than run the risk of
having their patent overturned here, too, but if you weren't a party
with enough money to fight RSA in court, your chances of such a
quiet settlement were essentially nil.  I infer that RSA must have
settled with a number of companies from the fact that you can find
a surprising number of patent lawyers out there who know a lot of things 
about the history of the RSA patent that it's pretty doubtful they'd know
if they hadn't been planning to engage in, or had engaged briefly in,
litigation over it.  Many of these lawyers worked at or for certain
Very Large Companies, say, 10 years ago.

But that's all pretty much by the wayside.  The NetBSD Foundation is,
for better or for worse, a legal entity *in the United States* and it has 
plenty of developers who don't care to be liable here, either.  We are
where we are, and we do our best to stick to the laws as we understand
them; sometimes we supplement our understanding by asking lawyers.  In
this *particular* case, I provided every detail I could obtain of what
OpenBSD was doing wrt RSA to my patent attorney and asked if we could
or could not safely do the same thing.  I was advised in no uncertain
terms that it would be a very bad idea for us to do so, and that it
was not clear that were we to take steps that accomodated a third
party not in the U.S. doing so, or even if we were to somehow move
the NetBSD entity out of the U.S. we could avoid liability in the U.S.
for contributory patent infringement using a scheme of the kind we're
talking about.

Perhaps someone else's lawyer gave him different advice.  I trust mine;
if you want another opinion, get your own. :-)