Defeating Patents that Threaten Internet Security: Yes We Can

By Elliot Forhan and Alex Moss | August 26, 2021

The patent system is supposed to make technology better and more accessible. Patents that broadly cover computer security standards do the opposite. Thankfully, Internet users, web developers, and security researchers are safe from one patent assertion entity that had threatened public access to essential security technology. 

Last week, Datawing Limited, a U.K. company, sent letters to 25 small companies, demanding payment and accusing them of infringing U.S. and U.K. patents. According to the letters, the companies infringed because they enabled Content Security Policy (CSP)—a computer security standard for preventing attacks by malicious content—on their websites.

As the Register's Gareth Corfield explains, “CSP works by limiting what resources a browser can load when it fetches a page.” Because CSP works by limiting what a browser does, the code is built into web browsers, like Firefox, Chrome, and Internet Explorer, rather than individual websites. Instead of going after big companies with the resources to defend themselves, Datawing went after small companies that merely enabled this browser feature. 

Nor did Datawing invent what their patents broadly claim: the relevant features of CSP are older. After prominent security researcher Scott Helme blogged and tweeted about Datawing’s demands, Twitter users quickly identified a host of references describing the patented features—among them, a 2005-era blog post that came substantially before Datawing’s 2011 patent application.

When the Public Interest Patent Law Institute heard about Datawing’s demands, we offered to help however we could. But you—the public—came to the rescue first. As a result of your outcry and discovery of numerous references that could invalidate its patents, Datawing dropped its demands, telling the Daily Swig’s John Leyden they were “ill advised,” and that the company would “be writing to the 25 companies concerned to apologise for the upset caused.”

As this shows, the public can change the way patents impact our lives for the better.  But it can only do so if it learns about demands like Datawing’s. Unlike court filings, demand letters are secret by default. If a company asserting overbroad patents on essential technology sends a similar demand to you or anyone you know, please let the public and PIPLI know. You can always contact us here. Together, we can make all the difference.