Flash Digest – News in Brief

Cybersecurity Digest Reports Flash Digest

Court Easily Dismisses Patent Troll in Cloudflare Lawsuit

Order Granting Motion for Judgment on the Pleadings and Granting Motion to Dismiss, Blackbird Tech LLC v. Cloudfare Inc., No. 17-cv-06883-VC (N.D. Cal. Feb. 12, 2018)

Internet infrastructure firm Cloudflare emerged victorious on Monday, February 12 in a patent infringement suit brought by Blackbird Technologies. “Patent troll” Blackbird has collected dozens of patents in recent years, and filed over 100 lawsuits against companies like Netflix, Reebok, and Fitbit. When they brought this case in May of last year, however, TechDirt commented that they had picked the wrong target. While most companies faced with a patent infringement suit simply pay a nuisance settlement, Cloudflare vowed to fight back. In an extensive blog post, the company attacked Blackbird’s operating model, called out their attorneys by name, and announced crowdfunding efforts to invalidate all of Blackbird’s patents.

Many were therefore pleased to see the lawsuit thrown out so quickly, viewing it as a victory over patent trolling operations generally. The dispute involved US Patent No. 6,453,335, an invention which claims to conveniently incorporate third-party data into an existing Internet connection. Cloudflare filed a preliminary motion for judgment on the pleadings, arguing Blackbird’s patent should not have been granted in the first place. Judge Chhabria of the US District Court for the Northern District of California agreed, stating that “abstract ideas are not patentable.” In the opinion, Judge Chhabria reasoned that the processing device meant to be protected by the patent “can be nearly anything and can be placed nearly anywhere.” Rather than protecting a discrete invention, he held, the patent “monopolize[s] the abstract idea of monitoring a preexisting data stream between a server and a client” and is invalid as a matter of law.

In the wake of the decision, Cloudflare celebrated the ruling as supportive of their position, and admonished the behavior of patent trolls. General counsel Doug Kramer called Blackbird’s patent “absurdly broad,” and accused Blackbird of using it to “harass” multiple innovative companies contributing to the economy. While Blackbird still has a right to appeal the court’s order, Cloudflare stated that it will “be ready to respond.”


Google Announces Access to Their AI Chips Through Cloud Computing

In 2016, Google announced it had designed a custom chip (called a Tensor Processing Unit, or TPU) to power its artificial intelligence systems. The chips boasted the ability to handle extremely complex processes, and were accessible only to a select group of researchers––until now. The New York Times reported on Monday that Google will allow other companies to purchase access to the hardware via the cloud. For $6.50 per TPU per hour, businesses can see the potential benefits advanced AI could have for their businesses.

Public trial of TPUs will allow Google to speed up its AI work, attract more business to its cloud services, and reduce reliance on “middleman” suppliers from whom it previously purchased chips. In addition to TPU chips, Google has an AI chip for its smartphones, and has designed its own servers and network hardware. This structure signifies major changes in technology operations, with companies like Google emerging not merely as internet companies, but major hardware producers. In fact, the same day as Google’s announcement, a report from The Information indicated that Amazon is working to develop its own AI chips as well. Amazon’s primary goal is the improvement of Alexa’s response time for the Echo, but the report also suggests they may be working on chips for Amazon Web Services geared toward machine learning.

As the likes of Google, Amazon, and Apple duel to reign supreme in AI chipmaking, questions surrounding the future of AI law become ever more pressing. AI chips will allow cars to make decisions on their own, enable our mobile devices to learn from their past experiences, and give our home devices extensive access to our sensitive information. To get ahead of liability issues and other legal questions, TechCrunch suggests that it is imperative for the industry to develop standards for neural network architecture (a neural network contains instructions to train and interpret an AI model), in addition to expectations for AI quality control.


Recent Cryptomining Incidents Reveal a Changing Threat Landscape

The frenzy over cryptocurrencies in late 2017 took a sharp downturn when the cryptocurrency market lost over $370 billion in January of this year. Market commentators have raised a number of theories to explain the sell-off, pointing to regulatory crackdowns in Asia, the increasing number of lawsuits involving cryptocurrency scams, and Facebook’s recent ban on cryptocurrency advertisements.

A more behind-the-scenes problem in the cryptocurrency market is that of cryptocurrency mining. Currency-mining code, first introduced by a company called Coinhive, leverages computing power to generate digital coin directly within the web browsers of unsuspecting users. While use of Coinhive’s services is not inherently illegal, and their Terms of Service prohibit users from using Coinhive “for illegal purposes,” the technology is increasingly abused. For instance, the technology has been incorporated surreptitiously into websites, using up to 100% of users’ CPU resources without warning or permission. Security provider Malwarebytes has come to call the phenomenon “drive-by mining.”

Ars Tecnica reports that the practice shows no signs of abating, with two significant incidents detected last weekend. The first breach, on February 11, changed the JavaScript code of Browsealoud, a free text-to-speech translation service. The incident affected 4,275 sites that offer Browsealoud, including those operated by US federal courts. The illicit mining ended only when the company announced a two-day suspension of their services. The second incident targeted millions of Android devices, as part of a campaign that appears to have started as early as November 2017. So far there are five known sites affected, which collectively receive around 800,000 visits daily.

The legal implications of drive-by mining remain unclear. Energy usage is a major concern­–according to the Washington Post, electricity costs for servers mining cryptocurrency in Iceland now exceed private energy consumption in the country. Perhaps most concerning, however, is that it is impossible for end users to know whether they are mining for a website owner or for a malicious attacker that has hacked the site. If last weekend’s incidents are any indication, miners have the ability to alter code that the US court system and thousands of other organizations use on their websites. This raises questions surrounding the risks of stolen log-in credentials, mobile device malware, and who can be held liable when browser flaws are exploited.


Danica Harvey is a 1L student at Harvard Law School.