Comments on: New Products, Emerging From Chaos

By: Greg Broiles

Greg Broiles — Wed, 01 Mar 2006 00:05:10 +0000

I suspect that the expiry of the RSA patent didn’t lead to a visible explosion of new cryptographic uses/applications because (1) infringement was rampant among users of open-source and offshore-sourced software, especially because the RSA patent was only enforceable in the US; and (2) the RSA algorithm itself didn’t enable especially interesting applications, it was the RSA algorithm + a symmetric crypto algorithm + a well-known protocol (e.g, SSL/TLS or S/MIME or PGP messaging or whatever) that was interesting. The most widely used crypto protocol/application in use at the time that the RSA patent expired was SSL, which required the use of RC4, which was at that time still an algorithm that RSA claimed was their proprietary intellectual property (trade secret), despite widely disclosed implementations. (I’ve lost track of RC4’s legal status – perhaps RSA still claims it’s a trade secret.)
And, again, the RC4 IP claims were widely ignored among individuals and people outside the US jurisdiction; effectively, the US’ crypto export control scheme encouraged the development of foreign crypto development expertise, which meant that at the time of expiration, there were publishers, developers, and users who had no practical reason to pay any attention to RSA’s IP claims, since they were already operating outside of the reach of US law.
Pre-expiry of the patent, RSA made it very tough to get a bare patent license to the RSA algorithm – they much preferred to license the algorithm along with some of their copyright/trade secret code and libraries, which they continued to own and license after expiration – so for US-based developers in business prior to expiration, the expiration itself wasn’t an especially significant milestone, since the libraries they licensed from RSA continued to be subject to RSA’s other IP claims.

By: Iang

Iang — Tue, 28 Feb 2006 09:11:08 +0000

Mordaxus writes: “And we did start seeing a lot of innovative use after the patent expired, particularly in open source.”
We did?
Patents do create a drag, like sand in the wheels, but if one is careful they are no more of a drag than any other of 100 factors. It’s very rare that there isn’t an alternative which isn’t workable.
Perhaps as applicable, patents tend to be a touchstone for complaints that often far outweigh their direct effect. A canonical example is the blinding patents, which were bemoaned for their entire life. Yet, there are plenty of ways to do that stuff without the patents, and when the first patent expired, nobody noticed except the hard core cypherpunks. Meanwhile, those hard core cypherpunks never noticed that the market judged in favour of simple web site based monies (Paypal was originally a PDA tool that *could* have used blinding).

By: Ian Rae

Ian Rae — Mon, 27 Feb 2006 22:58:31 +0000

I think the practical aspects of technology often get in the way. It certainly depends in which field but I don’t feel that patents in the computing industry are holding things back, at least not like they do in the pharmaceutical industry. Implementing stuff really well, in a cost-effective way, and educating the market on why it is useful and worth paying for is generally far harder than the original patent.

By: Mordaxus

Mordaxus — Sat, 25 Feb 2006 03:47:12 +0000

Yes, but. SSL is patented, and I’d give it as an example of precisely your point. SSL is wildly successful, and in part because there is a free license for anyone who doesn’t sue Netscape (AOL) in such a way that it prevents them from using SSL.
Also, when the RSA patent expired, I predicted a two-to-three-year skew because patents give a monopoly on “make,” “sell,” or “use.” A properly paranoid person wouldn’t start development until after the patent expires. And we did start seeing a lot of innovative use after the patent expired, particularly in open source.
I have a rule, that is that if a technology needs the network effect to be useful, then patents slow down adoption because it is a limited monopoly on use.

By: Adam

Adam — Fri, 24 Feb 2006 17:41:46 +0000

Thats a really good point with regards to RSA. I think your other point, regarding transaction costs and friction, will require a whole post to respond to.

By: albatross

albatross — Fri, 24 Feb 2006 16:37:09 +0000

Note that when RSA’s patent went away, we didn’t suddenly see an explosion of strong cryptography actually being used by people. That’s what you’d expect if patents were a major roadblock to new crypto being adopted. And RSA is a pretty interesting case, because they were pretty famous for driving really painful bargains, at least with small companies. Nobody looked forward to negotiating a patent with these guys.
One thing I will point out with patents, though, is that patents on marginal improvements to the state of the art are a net loss to mankind. You’re designing a system, and you can either use CCM right now, or try to negotiate a patent for OCB. Now, there are multiple people claiming some rights there, but even if it were just a matter of going off and writing Rogaway a $100K check, it’s often organizationally painful to do that. Somehow, multiple layers of management, the legal department, etc. seem to need to be involved. Unless the factor of two speedup is enormously important for your application, you’re going to find it much easier to go with the slower, but unpatented, mode. This is a pity, because OCB is really cool, and deserves to be widely used. Similar comments apply to elliptic curve stuff (which is also cool technology that deserves to be more widely used than it is).