Saturday, February 02, 2008

Microsoft takeover of Yahoo may be a major privacy battleground

Peter Swire takes a look at the proposed Microsoft takeover of Yahoo from a privacy perspective, at the Center for American Progress.

"Privacy issues will be central to the forthcoming antitrust merger review of today’s $44.6 billion bid by Microsoft Corp. for Yahoo Inc. U.S. antitrust authorities have already studied these privacy issues in connection with the proposed merger of Google Inc. and DoubleClick, which is still under review in Europe...

When it comes to the intersection of privacy and antitrust, the Google/DoubleClick merger will now look like a warm-up act for Microsoft/Yahoo. In the Google case, all five commissioners agreed with the central point of my testimony to the FTC this past October, in which I detailed why privacy can be an important non-price aspect of competition.

Commissioner Pamela Harbour cited my testimony in voting to block the merger. She recognized that antitrust law should ensure competition “based on privacy protections or related non-price dimensions.” The majority, while voting to approve the merger, agreed with the key point that privacy can be relevant to a merger, saying “we investigated the possibility that this transaction could adversely affect non-price attributes of competition, such as consumer privacy.”

The first message from the Google/DoubleClick merger review is that the FTC understands competition is not only about price. Competition has always included non-price aspects, such as the quality of goods. In the information age, a merger can shift practices from low-surveillance to high-surveillance."

Friday, February 01, 2008

Government response to petition on ContactPoint

I just received an email from 10 Downing Street relating to the petition asking government to abandon plans to create the Information Sharing Index, a national database of all children aged between birth and eighteen. The email provides a link to the section of the PM website containing the government response. Extracts from the response:

"ContactPoint will provide a quick way for practitioners to find out who else is working with the same child or young person to make it easier for them to deliver better coordinated support to children and families...

No case information will be held on ContactPoint...

ContactPoint is being developed with extensive input from a wide range of stakeholders...

ContactPoint will cover all children in England because it is not possible to predict accurately, in advance, which children will need additional services...

The Government has been considering feedback and looking carefully at the implications that the proposed changes could have on the system. It is clear from the considerable work done so far that more time than originally planned is needed to address the changes to ContactPoint which potential system users suggested...

Security is, and always has been, of paramount importance...

Like all other Government Departments, the Department for Children, Schools and Families has recently conducted a review of how personal data is stored and protected. As a result of that review the Government is confident that there are very robust procedures in place for ContactPoint. In addition, the Secretary of State for Children, Schools and Families has commissioned Deloitte to undertake an independent assessment of ContactPoint security procedures. The independent assessment will report back in early 2008."

Whilst it is theoretically technically correct to say that ContactPoint will not contain any case information, it is an open door index to the eCAF (electronic Common Assessment Framework), which will hold detailed case information, since it will contain "An indication as to whether a service or practitioner holds an assessment under the Common Assessment Framework or whether they are a lead professional for that child."

It will cover all children in England (apart from those of high profile politicians or celebrities for security reasons) because it is not possible to identify in advance those who will need help, so rather than focusing on identifying those who need help, by throwing more data hay on an already difficult to navigate data haystack you'll make it much more difficult to find those who really need support.

They're considering feedback so the system will take longer to get off the ground than originally planned.

As a result of the recent damaging personal data security leaks by government they have thought about the security of the ContactPoint system and are 'confident' that it will be secure. But just in case they are wrong they have commissioned Deloitte to look at the security issues.

Let's just repeat again that you cannot build a large database, containing significant amounts of personal data, to which hundreds of thousands of people are required to have access as a routine part of their jobs and expect it to be secure. No amount of misplaced confidence will make it secure and large numbers of false negative and false positive flags will lead to a significant amount of harm, as already over-stretched child support professionals get involved with cases where they are not needed and fail to be alerted to cases where their services are, in some instances desperately, required. And that is just how the system will fail naturally as a result of technical and human error. Add into the mix those with a malign intent to exploit the system for their own nefarious ends and you end up exposing children targeted by such people to serious risks.

Update: ARCH initial reaction here.

RealPlayer badware?

Brian Krebs at the Washington Post reports that the latest versions of RealPlayer are badware.

"An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as "badware," charging that the software surreptitiously installs pop-up ad serving software as well as the Rhapsody media player engine.

Stopbadware.org issued an alert about two software titles from RealNetworks - RealPlayer 10.5 and RealPlayer 11, saying each violated the group's badware guidelines...

John Palfrey, executive director of the Berkman Center and a professor of Internet law at Harvard, said the RealNetworks company has a history of operating at the margins of consumer privacy issues. "What was clear to us was that [RealPlayer] 10.5 and 11 went over what was, to us, a clear line."

Palfrey said Google was unlikely to list RealMedia's site as badware, however: that classification, he noted, was generally reserved for sites that try to install unwanted or malicious software when a person merely visits the site."

If you're interested in learning practical ways to protect yourself from this kind of intrusive software then I can recommend the Open University's ten week course on Vandalism in Cyberspace: understanding and combating malicious software, part of the University's Relevant Knowledge offerings.

Thursday, January 31, 2008

Latest EDRI-Gram available

The latest EDRI-Gram is now available. Contents:

The Stasi v the database state

Timothy Garton Ash must have been reading Andrew Curry's piece in Wired. As someone who knew East Germany from the inside we should take him seriously when he says:
This has got to stop. Britain's snooper state is getting completely out of hand. We are sleepwalking into a surveillance society, and we must wake up. When the Stasi started spying on me, as I moved around East Germany 30 years ago, I travelled on the assumption that I was coming from one of the freest countries in the world to one of the least free. I don't think I was wrong then, but I would certainly be wrong now. Today, the people of East Germany are much less spied upon than the people of Britain. The human rights group Privacy International rates Britain as an "endemic surveillance society", along with China and Russia, whereas Germany scores much better...

The fantastic advance of information and communications technology gives the state - and private companies as well - technical possibilities of which the Stasi could only dream. Most of your life is now mapped electronically, minute by minute, centimetre by centimetre, through your mobile phone calls, your emails, your web searches, your credit card purchases, your involuntary appearances on CCTV, and so on. Had the East German secret police had these snooping super-tools, my Stasi file would have measured at least 3,000 pages, not a mere 325.

We therefore need to strengthen the protection of data, privacy and civil rights simply to remain as free as we were before. As technology lifts the sea level of information flow, we have to build up the dykes...

Of course that flourish about the Stasi is hyperbole. As someone who actually lived under the Stasi, I know we're nowhere near that. But the amount of information collected and shared - not to mention lost - by the British government far exceeds the Stasi's modest 160km of paper files. The potential for it to be abused, in the wrong hands, is simply enormous. Liberty is not preserved simply by putting our trust in the good intentions of our rulers, civil servants and spooks. The road to hell is paved with good intentions.
Thanks to Glyn via the ORG list for the pointer.

Wednesday, January 30, 2008

Watchdog sides with MI5 to reject phone-tap evidence

I missed this in the Guardian earlier in the week: Watchdog sides with MI5 to reject phone-tap evidence
The prospect of phone-tap evidence being used in court, an issue at the heart of the dispute over proposed anti-terrorism measures, received a blow yesterday when the prime minister's eavesdropping watchdog opposed the idea.

Sir Paul Kennedy, an appeal court judge who monitors communications intercepts, said in his first official report: "I am firmly of the opinion that the benefits of any change in the law [in intercept evidence] are heavily outweighed by the disadvantages." He added: "With one exception, everyone to whom I have spoken in the course of my visits seems to be of the same opinion."

Digitised personal data as hot as nuclear waste

Cory Doctorow in full polemic flow in the Guardian.

"We should treat personal electronic data with the same care and respect as weapons-grade plutonium - it is dangerous, long-lasting and once it has leaked there's no getting it back

When HM Revenue & Customs haemorrhaged the personal and financial information of 25 million British families in November, wags dubbed it the "Privacy Chernobyl", a meltdown of global, epic proportions.

The metaphor is apt: the data collected by corporations and governmental agencies is positively radioactive in its tenacity and longevity. Nuclear accidents leave us wondering just how we're going to warn our descendants away from the resulting wasteland for the next 750,000 years while the radioisotopes decay away. Privacy meltdowns raise a similarly long-lived spectre: will the leaked HMRC data ever actually vanish...

But it seems to have entirely escaped the attention of those who regulate the gathering of personal information. The world's toughest privacy measures are as a wet Kleenex against the merciless onslaught of data acquisition. Data is acquired at all times, everywhere."

Brilliant as ever.

The Stasi files paper jigsaw mountain

Andrew Curry wrote recently in Wired about Piecing Together the Dark Legacy of East Germany's Secret Police. It's a stark warning of where the totalitarian leanings of the Blair/Brown Bush/Cheney 'be afraid be very afraid but we will protect you' politics can ultimately lead.

"Ulrike Poppe used to be one of the most surveilled women in East Germany. For 15 years, agents of the Stasi (short for Staatssicherheitsdienst, or State Security Service) followed her, bugged her phone and home, and harassed her unremittingly, right up until she and other dissidents helped bring down the Berlin Wall in 1989. Today, the study in Poppe's Berlin apartment is lined floor to 12-foot ceiling with bookshelves full of volumes on art, literature, and political science. But one shelf, just to the left of her desk, is special. It holds a pair of 3-inch-thick black binders — copies of the most important documents in Poppe's secret police files. This is her Stasi shelf...

When the wall fell, the Stasi fell with it. The new government, determined to bring to light the agency's totalitarian tactics, created a special commission to give victims access to their personal files. Poppe and her husband were among the first people in Germany allowed into the archives. On January 3, 1992, she sat in front of a cart loaded with 40 binders dedicated to "Circle 2" — her codename, it turned out. In the 16 years since, the commission has turned up 20 more Circle 2 binders on her.

The pages amounted to a minute-by-minute account of Poppe's life, seen from an unimaginable array of angles. Video cameras were installed in the apartment across the street. Her friends' bedrooms were bugged and their conversations about her added to the file. Agents investigated the political leanings of her classmates from middle school and opened all of her mail. "They really tried to capture everything," she says. "Most of it was just junk."

But some of it wasn't. And some of it ... Poppe doesn't know. No one does. Because before it was disbanded, the Stasi shredded or ripped up about 5 percent of its files. That might not sound like much, but the agency had generated perhaps more paper than any other bureaucracy in history — possibly a billion pages of surveillance records, informant accounting, reports on espionage, analyses of foreign press, personnel records, and useless minutiae. There's a record for every time anyone drove across the border..."

And that was with paper. Brown and Bush have computers and the capacity to gather and draw inferences from much greater volumes of personal data. But in the case of the shredded Stasi files, computers are being used to reconstruct them:

"There's no way to know what bombshells those files hide. For a country still trying to come to terms with its role in World War II and its life under a totalitarian regime, that half-destroyed paperwork is a tantalizing secret.

The machine-shredded stuff is confetti, largely unrecoverable. But in May 2007, a team of German computer scientists in Berlin announced that after four years of work, they had completed a system to digitally tape together the torn fragments. Engineers hope their software and scanners can do the job in less than five years — even taking into account the varying textures and durability of paper, the different sizes and shapes of the fragments, the assortment of printing (from handwriting to dot matrix) and the range of edges (from razor sharp to ragged and handmade.)"

Incidentally, if you're interested in East German history I'd recommend Mary Fulbrook's books Anatomy of a Dictatorship: Inside the GDR, 1949-1989 and The People's State: East German Society from Hitler to Honecker.

Scientists reluctant to share cancer data

Biostatistician Andrew Vickers writes in the NYT: Cancer Data? Sorry, Can’t Have It

"Not long ago, I asked a respected cancer researcher if he could send me raw data from a trial he had recently published. He refused. Sharing data would make the study team members “uncomfortable,” he said, as I might use this to “cast doubt” on their results.

I’d heard this before: as a statistician who designs and analyzes cancer studies, I regularly ask other researchers to provide additional information or raw data. Sometimes I want to use the data to test out a new idea or method of statistical analysis. And knowing exactly what happened in past studies can help me design better research for the future. Occasionally, however, there are statistical analyses I could run that might make an immediate and important impact on the lives of cancer patients...

Given the enormous physical, emotional and financial toll of cancer, one might expect researchers to promote the free and open exchange of information. The patients who volunteer for cancer trials often suffer through painful procedures and harsh experimental treatments in the hope of hastening a cure. The data they provide ought to belong to all of us. Yet cancer researchers typically treat it as their personal property...

Dr John Kirwan, a rheumatologist from the University of Bristol in England, has studied researchers’ attitudes on sharing data from clinical trials. He found that three-quarters of researchers he surveyed, as well as a major industry group, opposed making original trial data available. It is worth restating this finding: most scientists doing research on how best to help those in pain, or at risk of death, want to keep their data a secret.

Dr. Kirwan went on to ask his subjects why. Their reasons were entirely trivial: one cited the difficulty of putting together a data set (wouldn’t this have to be done anyway in order to publish a paper?); another was concerned that the data might be analyzed using invalid methods (surely a judgment for the scientific community as a whole). This is something of a clue that the real issue here has more to do with status and career than with any loftier considerations. Scientists don’t want to be scooped by their own data, or have someone else challenge their conclusions with a new analysis.

Yet this is exactly what cancer patients need. They want new results to be published as quickly as possible and to encourage a robust debate on the merits of key research findings."

Tuesday, January 29, 2008

ID card coercion

The good folks at NO2ID have obtained a leaked government document referring to methods to coerce people into getting an ID card.


A specially annotated NO2ID copy of the full document, National Identity Scheme Options Analysis - Outcome, is available at Cory Doctorow's Craphound website and the NO2ID campaign would like as many mirrors as possible.

ECJ rules privacy trumps copyright

The European Court of Justice has reportedly ruled that telcos do not have a duty to disclose personal details of suspected file sharers to copyright owners.

"European Union countries can refuse to disclose names of file sharers on the Internet in civil cases, the EU's top court said on Tuesday in a blow to copyright holders trying to fight digital piracy.

The European Court of Justice ruled on a dispute between Spanish music rights holders association Promusicae and Spain's top telecommunications operator, Telefonica.

Telefonica argued that, under a national law based on EU rules, it had to disclose the name of an Internet subscriber only for criminal actions, not civil ones.

"Community law does not require the member states, in order to ensure the effective protection of copyright, to lay down an obligation to disclose personal data in the context of civil proceedings," the court said in a statement."

The court said:

"There are several community directives whose purpose is that the member states should ensure, especially in the information society, effective protection of industrial property, in particular copyright.

Such protection cannot, however, affect the requirements of the protection of personal data. The directives on the protection of personal data also allow the member states to provide for exceptions to the obligation to guarantee the confidentiality of traffic data"

In other words, the ECJ concluded that privacy trumps copyright protection. The judgement was expected, since the ECJ's Advocate General, Juliane Kokott, in advising the court in August of last year, basically said the same thing. P2PNet also has a copy of the Court press release relating to the judgement:

29 January 2008

Judgment of the Court of Justice in Case C-275/06

Productores de Música de España (Promusicae) v Telefónica de España SAU

THE COURT RULES ON THE PROTECTION OF INTELLECTUAL PROPERTY RIGHTS IN THE INFORMATION SOCIETY

Community law does not require the Member States, in order to ensure the effective protection of copyright, to lay down an obligation to disclose personal data in the context of civil proceedings

There are several Community directives whose purpose is that the Member States should ensure, especially in the information society, effective protection of industrial property, in particular copyright. Such protection cannot, however, affect the requirements of the protection of personal data. The directives on the protection of personal data also allow the Member States to provide for exceptions to the obligation to guarantee the confidentiality of traffic data.

Promusicae is a Spanish non-profit-making organisation of producers and publishers of musical and audiovisual recordings. It applied to the Spanish courts for an order that Telefónica should disclose the identities and physical addresses of certain persons whom it provided with internet access services, whose IP address and date and time of connection were known. According to Promusicae, those persons were using the KaZaA file exchange program (peer-to-peer or P2P) and providing access in shared files of personal computers to phonograms in which members of Promusicae held the exploitation rights. It therefore sought disclosure of the above information in order to be able to bring civil proceedings against the persons concerned.

Telefónica argued that, under Spanish law, the communication of the data sought by Promusicae was authorised only in a criminal investigation or for the purpose of safeguarding public security and national defence.

The Spanish court asks the Court of Justice of the European Communities whether Community law requires the Member States to lay down, in order to ensure effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings.

The Court of Justice notes that the exceptions permitted by the directives on the protection of personal data include the measures necessary for the protection of the rights and freedoms of others. As the directive on privacy and electronic communications does not specify the rights and freedoms concerned by that exception, it must be interpreted as expressing the Community legislature’s intention not to exclude from its scope the protection of the right to property or situations in which authors seek to obtain that protection in civil proceedings. It does not therefore preclude the possibility for the Member States of laying down an obligation to disclose personal data in the context of civil proceedings. However, it does not compel the Member States to lay down such an obligation.

As to the directives on intellectual property, the Court of Justice finds that they too do not require the Member States to lay down, in order to ensure effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings.

That being so, the Court points out that the present reference for a preliminary ruling raises the question of the need to reconcile the requirements of the protection of different fundamental rights, namely the right to respect for private life on the one hand and the rights to protection of property and to an effective remedy on the other.

The Court concludes that the Member States must, when transposing the directives on intellectual property and the protection of personal data, rely on an interpretation of those directives which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with the directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

The full judgment is available at the ECJ website. It is quite a technical judgment looking at the details of a collection of EU directives and how they interact; and how to achieve a balance between the right to protect personal data and the right to protect property but the key parts of the decision seem to be paragraphs 61 to 70:
"Fundamental rights

61 The national court refers in its order for reference to Articles 17 and 47 of the Charter, the first of which concerns the protection of the right to property, including intellectual property, and the second of which concerns the right to an effective remedy. By so doing, that court must be regarded as seeking to know whether an interpretation of those directives to the effect that the Member States are not obliged to lay down, in order to ensure the effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings leads to an infringement of the fundamental right to property and the fundamental right to effective judicial protection.

62 It should be recalled that the fundamental right to property, which includes intellectual property rights such as copyright (see, to that effect, Case C‑479/04 Laserdisken [2006] ECR I‑8089, paragraph 65), and the fundamental right to effective judicial protection constitute general principles of Community law (see respectively, to that effect, Joined Cases C‑154/04 and C‑155/04 Alliance for Natural Health and Others [2005] ECR I‑6451, paragraph 126 and the case-law cited, and Case C‑432/05 Unibet [2007] ECR I‑2271, paragraph 37 and the case-law cited).

63 However, the situation in respect of which the national court puts that question involves, in addition to those two rights, a further fundamental right, namely the right that guarantees protection of personal data and hence of private life.

64 According to recital 2 in the preamble to Directive 2002/58, the directive seeks to respect the fundamental rights and observes the principles recognised in particular by the Charter. In particular, the directive seeks to ensure full respect for the rights set out in Articles 7 and 8 of that Charter. Article 7 substantially reproduces Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms signed at Rome on 4 November 1950, which guarantees the right to respect for private life, and Article 8 of the Charter expressly proclaims the right to protection of personal data.

65 The present reference for a preliminary ruling thus raises the question of the need to reconcile the requirements of the protection of different fundamental rights, namely the right to respect for private life on the one hand and the rights to protection of property and to an effective remedy on the other.

66 The mechanisms allowing those different rights and interests to be balanced are contained, first, in Directive 2002/58 itself, in that it provides for rules which determine in what circumstances and to what extent the processing of personal data is lawful and what safeguards must be provided for, and in the three directives mentioned by the national court, which reserve the cases in which the measures adopted to protect the rights they regulate affect the protection of personal data. Second, they result from the adoption by the Member States of national provisions transposing those directives and their application by the national authorities (see, to that effect, with reference to Directive 95/46, Lindqvist, paragraph 82).

67 As to those directives, their provisions are relatively general, since they have to be applied to a large number of different situations which may arise in any of the Member States. They therefore logically include rules which leave the Member States with the necessary discretion to define transposition measures which may be adapted to the various situations possible (see, to that effect, Lindqvist, paragraph 84).

68 That being so, the Member States must, when transposing the directives mentioned above, take care to rely on an interpretation of the directives which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality (see, to that effect, Lindqvist, paragraph 87, and Case C‑305/05 Ordre des barreaux francophones et germanophone and Others [2007] ECR I‑0000, paragraph 28).

69 Moreover, it should be recalled here that the Community legislature expressly required, in accordance with Article 15(1) of Directive 2002/58, that the measures referred to in that paragraph be adopted by the Member States in compliance with the general principles of Community law, including those mentioned in Article 6(1) and (2) EU.

70 In the light of all the foregoing, the answer to the national court’s question must be that Directives 2000/31, 2001/29, 2004/48 and 2002/58 do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings. However, Community law requires that, when transposing those directives, the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality."

And they then conclude:

On those grounds, the Court (Grand Chamber) hereby rules:

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights, and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings. However, Community law requires that, when transposing those directives, the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

Update: There's a nice commentary on the case by Iain Connor, an IP specialist at Pinsent Masons, at Outlaw.

"Any record industry exec would have been weeping into his cornflakes today as he perused the newspapers. The European Court of Justice was reported everywhere as having handed victory in a battle to privacy activists and file-sharers by ruling that ISPs do not have to hand over subscriber details in file sharing or any other civil cases.

The problem is that these reports have missed the point. What the ECJ actually said was that national governments can, effectively, do what they like on the issue.

Therefore, if Spain wants to rule that file-sharer details can only be revealed in criminal cases, it can. However, if UK courts want to hold, as they do, that file-sharer details can be revealed in all cases, then that's fine too."

BAILII has now got the full judgement too.

Daithi and IPKat also have their usual informed commentary.

Monday, January 28, 2008

UK High Court Allows Software Patents

On Friday, in the High Court, Mr Justice Kitchin ruled that the UK Patent Office's practice of rejecting software patents was wrong. David Pearce at IPKat is understandably surprised at the decision and has an excellent commentary.

"After comprehensively summarising the last couple of decades of legal developments, covering the usual suspects (Gale, the oft-misspelled Merrill Lynch, Fujitsu and various EPO decisions), Kitchin J arrived at the main question in this appeal, which was whether the UK-IPO was correct in construing that the Court of Appeal judgment in Aerotel/Macrossan inevitably prohibited the patenting of all computer programs, or whether the old approach of considering the 'potential' technical effect of a computer program (following the EPO approach) could be taken into account, in a similar way to considering the effect of a method claim that would inevitably be carried out by running a program (which all of the applications under appeal contained). The UK-IPO had concluded that Aerotel/Macrossan ruled out computer program product patent claims, and consequently reverted to its old practice of rejecting such claims...

Kitchin J recognised that it was highly undesirable to have provisions of the EPC construed differently at the EPO as compared with the courts in the different contracting states, and that decisions of the Boards of Appeal should be highly persuasive. Mention was also made of the contrasting approach taken in Germany, where the EPO line tends to be followed closely.

The apparent approval of the UK-IPO's rejection of computer program product claims in Oneida Indian Nation's Application [see IPKat commentary here] was either rejected by Kitchin J as not actually meaning that, or was in the alternative respectfully disagreed with (as the High Court is allowed to do, in contrast with the Court of Appeal), depending on the different possible interpretations of Christopher Floyd's judgment.

In conclusion then, Kitchin J found that the appeals should be allowed. Each application concerned a computer related invention where the examiner had allowed claims to, in effect, a method performed by running a suitably programmed computer and to a computer programmed to carry out the method. The Hearing Officer had rejected corresponding program claims on the basis that they were necessarily prohibited by Article 52, and in Kitchin J's judgment he had erred in doing so. The cases were remitted to the UK-IPO for further consideration in light of the judgment."