Paper 3: Software Patents / Data Protection

Paper 3: Software Patents

Due: Jun 29, 2012, but no late penalties until July 3 Comp 317/417, Dordal

Choose one of the following.

1. Are software patents a special case?

There are actually two issues; you can focus on both or else either one alone:

Are software patents a special case?
Are software patents beneficial, on the whole, to the economy?

If the answer to the second question is "yes", then one might be inclined to support software patents even if they were a different case from physical-machine patents. If the answer to the second question is "no" or even "maybe not", however, then the first question warrants careful consideration.

Paul Graham wrote

There's nothing special about physical [machines] that should make them patentable, and the software equivalent not.

Argue your position, and come to some sort of conclusion. Your conclusion should suggest some broad position on the usefulness of software patents themselves.

The purpose of patents is to encourage innovation and investment in innovation, for social progress. Does this principle apply to software as well as machinery and pharmaceuticals? Are software patents, on the whole, of benefit to society? Do they foster innovation, leading to more software ideas for everyone? For the purposes of patent law, should software be included?

Here are a few justifications that have been advanced for considering software patents to be fundamentally different:

Software is often about abstraction, and abstract ideas
Software has greater generality than physical machines
Algorithms are fundamentally mathematical facts rather than inventions
Many software "inventions" are straightforward implementations of broad ideas
Often the "creativity" in software is simply realizing that, yes, there is a market for the product

Others have argued that the only specialness of software patents is that the patent office allegedly has difficulty conducting patent examinations for software. Still others argue that it is the existence of open source that makes software patents unique.

In the I4I v Microsoft case, an obscure patent about a data structure for holding XML tags became very expensive for Microsoft, once the data structure in question was interpreted so broadly as to cover any method of manipulating XML structure separately from data. Does this represent a fundamental problem with the use of abstraction (ie in describing data structures) in computer science? Or was this just a quirk of the judicial system?

The Supreme Court decided the Bilski case in June 2010 and agreed that some abstract ideas are not patentable. Does this affect software patents?

Yet another way to address the two questions above is that, yes, Graham was right, but that software should be subject to different patent rules. If this is what you feel, propose different rules and argue for them. If your main argument is that software is indeed a special case, you may either make the case that it is so different that patents should not apply, or make the weaker argument that special patent rules should apply. If you are arguing that software is not a special case, you do not necessarily have to argue that all the rules should be the same.

Discuss both sides, and come to a conclusion. Your conclusion should either support one side or the other (perhaps with qualifications), or else it should outline some sort of "compromise" position.

If you are arguing against patents generally, please make that clear (in that case, you are probably not arguing that software is different, though you might argue that the case against software patents is stronger). If you argue against all patents, you should be sure you understand your argument's implications for, say, the pharmaceuticals industry.

Keep in mind the following points (though you don't have to address them all):

Incentives to innovation and development
Litigation costs as a negative social side-effect
Inventor's rights
Public's rights to shared ideas
Conflicts between patented software and open source
Whether software is "too abstract" to be patentable in general (Bilski's process was held to be too abstract)
Many claimed software inventions are straightforward implementations using existing components

2. Protecting financial data

We've talked about several thefts of credit-card data and other personal information (see Class 11 & 12 notes for particulars). If someone has our physical possessions, we likely know about it, because we're without. But information can move around and we have no idea where it is or who might have a copy. Protecting our interests is much more difficult, either before or after a leak.

What is the best way of handling the problem of protection of our data that is held by third parties? Here are a few approaches mostly focusing on credit-card data though a couple also apply to "identity theft". When financial data is leaked, this can lead either to fraudulent charges or to full-scale "identity theft".

consumers will choose companies with higher data-protection standards, and less-careful companies will lose business. (This is the classic free-market argument).
consumers can bring civil class-action lawsuits against companies with lax standards; companies will not want to risk lawsuits
credit-card companies and banks can bring civil lawsuits against merchants and processors with lax standards
self-regulation by the industry (some other items on this list amount to specific forms of that; here I just meant voluntary industry standards)
merchant regulation by the credit-card companies (who have the strongest incentive to see to it that credit-card data is seen as safe; this is also a free-market argument)
governmental regulation of data security
mandatory consumer notification after a leak
better monitoring of credit bureaus to find out who is applying for credit in our name, perhaps paid for by sites that have suffered data leaks. One commercial monitoring company is lifelock.com.
continued expansion of credit-card algorithms to detect "anomalous" spending patterns
government requirements that security breaches be disclosed to affected individuals
requiring banks to have more information about a person than just a social-security number before issuing a loan or credit card
mandating a stronger password-security system for credit cards than the current CVV2 three-digit number that is changed every three years

Discuss briefly the issues involved in some of these approaches to ensuring data security, including advantages and disadvantages. Can you think of any further examples, or any combinations that seem likely to be especially effective? Which are likely to be less effective?

Then pick one overall approach (or combination) and explain why you think it is best. Acknowledge any remaining deficiencies and problems.

Credit and debit card companies reimburse personal customers for any unauthorized charges, although it is usually up to you to point out something is unauthorized. Usually they cover the full cost; they legally may cover only amounts above $50. Note, however, that unauthorized debit transactions for commercial accounts (eg small businesses) may be completely unrefundable.

(Credit and debit cards part company regarding how much time you have to report a lost card; your debit-card liability may skyrocket after two days. Also, credit-card issuers usually reimburse you for charges that have led to disputes with the retailer, such as merchandise not as described or not as expected, under many circumstances they are in fact required to; these issues are entirely different from charges that were never authorized.)

Your paper (either topic) will be graded primarily on organization (that is, how you lay out your sequence of paragraphs), focus (that is, whether you stick to the topic), and the nature and completeness of your arguments.

It is essential that all material from other sources be enclosed in quotation marks (or set off as a block quote), and preferably with a citation to the original source as well.

Expected length: 3-5 pages (800+ words)