10

Accidentally a few weeks ago I've implemented a logic into my MIT licensed public library, which has been patented by someone else some years ago. That library isn't only about that patented logic - it's only a small part. But days ago I've found the patent during research, and now I'd like to ensure that I'm not breaking any law.

I develop that library as a private individual, but it may be used in a commercial environment also. Now I've updated my README to include a warning to be aware of the patent. Per default the developer must explicit make a special configuration to use the library in the patented way, but it offers everything to go. Anyway, I've documented the detailed steps how to configure and use the library in the way, which would definitely break the patent (including the warning), when being sold, or distributed, or hosted ("as a Service") from a business like that.

As I know the patent should only touch commercial/business usages, but not private use. So I actually feel safe for the moment, but I still have a little headache because in fact I license partial patented material with MIT. Some questions that came around:

  • Am I doing it right? Is a warning in the documentation (README) enough?
  • Is MIT the right (safe) choice, or should I overthink to switch to another license?
  • Does the MIT licensing affect the patent holders rights in any way?
  • Would it change anything, if I'd transfer my license to a business which continues developing the library (using the MIT license also)?

UPDATE: After I accepted the answer I have to add that in the particular case of patent US10402172B1 (I didn't ask explicitly for that) things are a bit more complicated: I've created code which aggregates multiple RNGs (entropy sources) into one random data stream, and also makes it easy to distribute that stream over a network in the way (all ways) that is being described in the patent. Aggregating multiple RNGs (or entropy sources) is a common practice since decades already, so this can't be patented in 2019. But distributing the resulting random data in form of a "Random/Entropy as a Service" (R/EaaS) API or application over a network can, it seems. This isn't implemented in my library, but simplified a lot by just using my library. For this case a warning not to do in the specified way seems to be enough, since my library doesn't contain code to exhaust the patent, finally, but it needs only one more simple step to ~~breaking a law~~ (<- forget that) stepping into a patent trap. If this would be a problem, publishing a programming language would be a problem also, because it can be used to break patents easily - let's keep the church in the village (let's not exaggerate things)...

In the general question about including patented logic into an Open Source library, the accepted answer is correct.

nd_
  • 103
  • 8
  • 4
    "breaking a law" Note that infringing on a patent is not breaking a law, at least not in the common sense: you would never be prosecuted by the state, and will never face criminal charges for infringing on a patent. You could be sued by the patent owner, and be held liable for damages. – Cris Luengo Oct 13 '23 at 16:12
  • It would be interesting to know in which countries the patent holds. – J Fabian Meier Oct 13 '23 at 16:48
  • 1
    Patents can be absolutely bonkers... Are you sure you're even infringing on anything? A lawyer could help you parse it out and determine your level of risk, which is information you should have to decide how to proceed. – Brad Oct 13 '23 at 16:57
  • @CrisLuengo Yes, you're right, "breaking a law" is one step too far already. – nd_ Oct 13 '23 at 18:48
  • @JFabianMeier If https://patents.google.com/patent/US10402172B1/en is right, it's US, Europe (pending), PCT (international) and Japan (pending). – nd_ Oct 13 '23 at 18:50
  • @Brad "Are you sure you're even infringing on anything?" - yes, after reading the linked article from the now accepted answer and doing some more research I'm sure I don't infringe anything, and I'm pretty sure I wouldn't even provoke an unscrupulous lawyer, as Graham added in his answer. But I removed some code, because when I would have left that piece, an unscrupulous lawyer may have something to hit me. So right now I feel good with the solution I have, and I'd like to thank everyone for comments and tips! – nd_ Oct 13 '23 at 18:58
  • @nd_ I thought pure software patents are not really possible in the EU. – J Fabian Meier Oct 14 '23 at 09:58
  • You've started badly by discovering that the patent exists. It's better not to know. It's pretty well impossible these days to write a line of code without potentially infringing some trivial patent -- I say "potentially", because most of them wouldn't stand up in court. For example someone patented a (rather obvious) idea that was in my code, and described by me in the literature, 5 years before they applied for their patent. I've just ignored them, and I think they are very likely to ignore me, especially as they have made no attempt to deliver a product that incorporates the idea. – Michael Kay Oct 15 '23 at 14:33
  • @JFabianMeier Right, a software (a mathematical algorithm) can't be patented, if this algorithm doesn't control/include a hardware. Actually software always controls a piece of hardware (CPU, memory, etc.) - but that doesn't count. What counts is a QRNG source, since this must be a hardware. So the patent should be valid and not break any rule. But to be fair, the patent should only include the hardware of the patent holder - not QRNGs in general, because they've not been invented by them. At last this is my personal opinion, I'm not an expert about that. – nd_ Oct 15 '23 at 17:33
  • @MichaelKay "You've started badly" - today I'd say I've submitted the whole question while in panic and without thinking anything so much ;o) "...someone patented a (rather obvious) idea that was in my code... 5 years before they applied for their patent" - Ouch... However, if you could prove that, the patent could become invalid. Open Source developers which commit to GitHub etc. are safe for such scenarios, I guess. An executable or library signature with a trusted timestamp could do the job also. But even if I could prove something like that for my own code, I'd ignore it, I guess... – nd_ Oct 15 '23 at 17:51
  • Despite some strange Comments above, that would be breaking the law.

    Whether it broke criminal as well as civil law would depend on details such as whether you fraudulently tried to pass your work off, which hardly seems relevant here.

    How could private individuals or commercial environments matter?

    That a simple README suggestion without detailed explanation could mean much seems unlikely. How could it help, outside the wording of the patent and whatever licence you held?

     – Robbie Goodwin Oct 16 '23 at 20:56

2 Answers2

16

I fear you have a problem.

"A patent is a limited legal monopoly granted to protect an invention, giving the holder the right to exclude others from using, making, selling, and importing the invention (including things that embody the invention) for a fixed period of time." (source; in the spirit of full disclosure I should note that I wrote that article, though I didn't give the talk on which it's based).

It has (sadly) long been held that software is perfectly capable of embodying a patented invention. That your codebase doesn't enable that functionality by default doesn't make it non-infringing, any more than a machine that embodies a patent when running, but ships turned off and without batteries, becomes non-infringing. Warning your users in BIG LETTERS doesn't stop your code infringing, any more than warning users that your code contains a big chunk of unlicensed copyright material dispels the copyright violation. It doesn't matter that you're not doing this for profit.

It may get worse yet, because some jurisdictions punish more harshly infringement that is knowingly committed, and both documenting the patent in the codebase and publishing your question here make it somewhat easier to show you knew you were infringing the patent.

As I read it, much your safest bet is to stop distributing your code, at least until such time that you can have confidence that the patent doesn't cover your code, or until you have rewritten your code to avoid the infringement, or the patent expires. Sorry.

MadHatter
  • 48,547
  • 4
  • 122
  • 166
  • Thank you! I read that article carefully and used a translator, too - hope I did understand everything correctly. I didn't publish (commit) the related code yet, so I'm still safe for sure - but I was thinking about making a commit this weekend. Now I'll overthink that and invest more time in research about that topic, 'cause it may touch my hobby work in other places, too. By the way, in particular it's about US10402172B1, and my code can be used to combine RNGs and distribute so generated entropy trough a network, if configured and used in that way. – nd_ Oct 13 '23 at 07:24
  • You're very welcome. If you're happy with the answer above, and it fully addresses everything you raised in your question, could I ask that you accept it by clicking the "tick" outlined next to it, which puts the question to bed? If, however, you have questions remaining, could you clarify what those are, so that I or some other user may try to clear them up completely? Thank you. – MadHatter Oct 13 '23 at 07:26
  • Sure - I can't upvote your answer yet, but I've accepted it already. And I've updated my question regarding that, 'cause I did some more research and made a final decision to exclude some parts from my library, which could be seen as a cheeky try to catch on the patent, before I'm going to commit my code, finally. I'm not a fan of patents for algorithms/math, but of course I accept the valid law (national as international). – nd_ Oct 13 '23 at 10:10

  • It has (sadly) long been held that software is perfectly capable of embodying a patented invention

    Not everywhere thankfully. Otherwise, software like ffmpeg wouldn't be able to exist. If you are not based in US, it might not matter to you.

     – Dan M. Oct 16 '23 at 11:51
7

After your update, I think it's pretty clear that you're massively overthinking this.

This isn't implemented in my library, but simplified a lot by just using my library.

It doesn't matter how much your work simplifies someone else doing this. You say that on its own, your work does not do this. That's the end of all possible discussion. Anything after that is a doom spiral of negative overthinking.

warning not to do in the specified way seems to be enough

Spiral in progress! For starters, worrying about how people will use your code is bad for your stress levels.

But for another thing, if your documentation says "this could be used to infringe that patent by doing these steps", you're potentially making yourself liable simply by saying that. An unscrupulous lawyer (they exist!) could make a case that you've provided instructions for how to infringe the patent. Even if the text finishes "...so don't do it", that doesn't get you out of the hole. Probably you could fight it if they did, but do you really want to?

On the other hand, suppose your code makes no reference to the patent and has no warnings. Then no-one can make that claim. And as you've already said, your code doesn't (in itself) do what the patent says. So by leaving the warning off, you're more safe.

Delete all warnings, delete all references to the patent, and you're good.

Graham
  • 259
  • 1
  • 2
  • "you're potentially making yourself liable simply by saying that" How so? This makes no sense. The patent itself explains step by step how to reproduce the invention. That's the point of the patent: it's a publicly accessible document that enables anyone to replicate the invention. Describing the patent doesn't infringe on the patent, only replicating the invention does. – Cris Luengo Oct 13 '23 at 16:15
  • 4
    @Cris Luengo Imagine that someone built a patented machine and left out a connecting bar. He then sold it with a warning: "Do not under any circumstances order a six-inch bar with 1/4" holes at the ends from your local job shop and connect it between points D and Z since this would convert it into a machine which infringes patent XXXXXX". You cannot evade a patent by supplying the machine 99% assembled with instructions to finish assembly. The OP needs to avoid creating the impression that that is what he is doing. – David42 Oct 13 '23 at 18:10
  • 2
    @David42 Sure, if you make something that is useless unless you finish it in the way described in the patent, then you’re obviously infringing on the patent. But that’s very far from OP’s case. As I understand it, they’re just selling the screws. – Cris Luengo Oct 13 '23 at 18:24
  • 1
    "Spiral in progress" - You got me. Thank you! At the moment I included only this text to my README:

    "There is a patent (US10402172B1) which comes into play, if you plan to create a Random or Entropy as a Service (R/EaaS) application, especially when using QRNG entropy. Read that document carefully to avoid disappointments."

    Because it happened to me: I have a QRNG device which was expensive, so I don't want to buy one for each computer. And my very first thought was to distribute the entropy, which is being created by a single device (and offer it as a private and free webservice).

     – nd_ Oct 13 '23 at 18:42
  • 1
    @CrisLuengo "Describing the patent doesn't infringe on the patent, only replicating the invention does." - and I'd like to warn the ones who want to use my library from that, because if I wouldn't know about the patent, maybe I would have some trouble one day. I think your sentence does hit the point, what wasn't clear to me, 'cause the patent has many claims, and I'm far away from being a law/patent expert, so I was getting nervous... – nd_ Oct 13 '23 at 18:47
  • @nd_, warning that the patent exists is fine. Just let your users figure out themselves how to avoid infringing the patent. – Bart van Ingen Schenau Oct 14 '23 at 16:43
  • 2
    @nd_ Cool - I think that text sounds good.You're making people aware that there's a patent which is tangentially relevant, but doesn't cover your library. And realistically, patents aren't something you need to worry about yourself anyway, unless you're on some major project. :) – Graham Oct 14 '23 at 19:56
  • @Graham "And realistically, patents aren't something you need to worry about yourself anyway" - not YET ;o) – nd_ Oct 15 '23 at 17:53