By Keith Bergelt, CEO of Open Invention Network (OIN)
According to the FBI’s Internet Crime Complaint Centre, by June of 2020, daily digital crime in the U.S. had risen by 75%, since the start of the stay-at-home restrictions generated by the COVID-19 pandemic. The U.S. Federal Trade Commission reports that by June 30th, it had received almost 140,000 reports since the start of the year, nearly as many as it received for all of 2019. Interpol’s cyber-crime division, reports that as the pandemic continued, criminal networks have increasingly shifted their targets to big companies, governments, and critical infrastructure, away from individuals and small businesses.
Gartner estimates that businesses on average spend 5% to 8% of their overall technology budget on cybersecurity. As of June 2020, it predicts a 33.3% increase in spending on cloud security, over 2019. Other areas seeing growth are data security at 7.2%, application security at 6.2%, identity access management, and infrastructure protection. By the end of 2020, these estimates may turn out to be low considering that businesses are increasingly employing remote working, which may require additional cybersecurity spending to protect their systems adequately.
A Cybersecurity Ventures report issued in late-2017, states that cybercrime damage is estimated to reach $6 trillion annually by 2021. Due to the convergence of an escalation in the number of security vulnerabilities, an increase in hacker capabilities and tools as well as the GDPR legislation enacted in the European Union, the estimated costs due to cybercrime may be conservative.
In order to meet the cybersecurity challenges of tomorrow, information security companies and governments must invest and rapidly deploy new, innovative systems. A potential impediment is the growth of cybersecurity technology-related intellectual property lawsuits.
Cyber Security Patent Lawsuits on the Rise and The Need for Shared Innovation in Cyber Security
The expected growth in the security software industry has the potential to be significantly disrupted and its innovation impaired by patent lawsuits. With the industry’s growing market size, many aggressive entrants, and an open-source software model that is fast becoming the standard way of moving innovation forward, there is a potential for established vendors to look to impair these growth drivers through the use of the intellectual property.
In mid-January of 2020, Zscaler agreed to pay $15 million to settle all patent infringement lawsuits filed by Symantec, just three months after Broadcom purchased Symantec’s enterprise security business. The settlement amount is just under five percent of Zscaler’s annual sales.
Finjan Holdings Inc., a security technology company turned Patent Assertion Entity (PAE), has been the most litigious actor in the cybersecurity market. They have successfully sued for awards and licensing fees from Symantec, FireEye, and Sophos, among others. In October of 2020, a Finjan lawsuit will proceed to trial asserting five U.S. Patents against Cisco. Finjan has pending patent infringement lawsuits against Palo Alto Networks, ESET, SonicWall, Check Point, Rapid7, Fortinet, Qualys, and Trustwave/SingTel, relating to more than 15 patents.
Open Source is Driving Innovation Across the Business Spectrum
Open source is a leading technology in smart cars, IoT platforms, blockchain technologies, and cybersecurity software projects. Today, open-source code is so effective and cost-efficient that it is used in more than 90 percent of all commercially available software. In fact, it is impossible to catalog all of the daily touchpoints the average person has with an open source-powered product or service. Growth in security open-source software (OSS) projects, like all manner of OSS development and usage, is growing at a rapid pace due to the innovations the community consistently achieves.
While it has experienced exponential growth, the successful proliferation of open source in cybersecurity technology as well as banking networks, mobile devices, telecom networks, smart cars, cloud computing, and blockchain platforms, among others, was not always a foregone conclusion. In 2003, there was an intellectual property (IP)-based attack on Linux, the most important and prolific OSS project.
Fostering Patent Non-Aggression in Core Cybersecurity Technology
While the claims underlying the litigation ultimately were found to be without merit in the court proceeding, it was a wake-up call to several IP-savvy companies as to the potential negative impact of patent aggression on the growth of Linux and OSS projects. IBM, Red Hat, and SUSE (then Novell) coordinated an effort with Sony, Philips and NEC to architect and implement a solution designed to create a “patent no-fly zone” around the core of Linux, called the Linux System. The organization is charged with administering this patent no-fly zone, utilizing a free license to require participant companies to forebear litigation and cross-license patents in the core of Linux and adjacent OSS. In the 15 years since its formation, the organization has grown into the largest patent non-aggression community in history with an excess of 3,300 participant companies that own upwards of 2.5 million patents and applications.
In addition to administering the highly successful royalty-free free license, the organization has been one of the most active users of the America Invents Act’s pre-issuance submission program and through its actions prevented the grant of hundreds of patent applications with overly broad claims that, if issued as submitted, would have threatened Linux technology and products for years to come. This community-based organization also routinely uses its central role as guardian of patent freedom in the open-source community to gather critical prior art to neutralize Linux-related litigation and pre-litigation patent assertions. In some cases, it has taken the extraordinary measure of forward deploying key assets from its defensive patent portfolio of more than 1,300 patents and applications to companies at risk or in litigation for the purpose of allowing these companies to better defend themselves from patent antagonists with often far larger patent portfolios and deeper pockets seeking to slow or stall the progress of Linux.
Given the current environment and trends, the cybersecurity industry will increasingly be an investor in technology, and it will be a significant driver of technological innovation. The organization and community will continue to evolve to include core open source technology in the Linux System and thereby insulate its members from patent risk in technologies and markets where OSS is adopted. As the threat landscape morphs and new patent challenges arise from the ranks of operating companies and PAEs, the community will remain vigilant in acting to ensure fewer poor quality patents are issued, more poor quality granted patents are invalidated and the community of companies pledging patent non-aggression in the core of Linux and adjacent open source technology grows.
In order for the creativity and inventive capacities of the hundreds of thousands of people developing around cybersecurity technology to be realized, it is vital that patent non-aggression in the core is safeguarded. Companies and individuals seeking to support patent non-aggression in cybersecurity systems should participate as members of this community by becoming signatories of OIN’s free license and, in so doing, commit to the onward sustainability of the collaborative model of innovation that is central to open source.
About the Author
Keith Bergelt is the CEO of Open Invention Network (OIN), the largest patent non-aggression community in history, created to support freedom of action in Linux as a key element of open-source software. Funded by Google, IBM, NEC, Philips, Sony, SUSE, and Toyota, OIN has more than 3,300 community members and owns more than 1,300 global patents and applications. The OIN patent license and member cross-licenses are available royalty-free to any party that joins the OIN community.