Cloudflare says it will go above and beyond to destroy what it claims is a uniquely dangerous patent troll.
The troll in question is Blackbird Technologies LLC, a law firm based in Boston, US. It has accused Cloudflare of ripping off a patent it owns on internet communications.
Crucially, Cloudflare CEO Matthew Prince said the battle between his company and Blackbird is over more than just one infringement claim: Blackbird's approach poses a serious threat to other tech companies, and, we're told, it must be stopped.
"They are a very dangerous new breed of patent troll different from what we have seen before," Prince, himself a former lawyer, told The Register. "This is a perfect innovation killing machine."
This design dates back to 1998 and was granted in 2002. It was submitted by Oliver Kaufmann, and was transferred to Blackbird in 2016. It describes "an internet third party data channel."
In plainer English, it sets out a system that injects data from a third-party source into a connection between a client and a server. Picture a web browser fetching a page from a website's server and being fed information from a second source. This sounds kinda like how Cloudflare works, but not really.
Let's look at a really basic view of the architectures:
Cloudflare ... Website servers sit behind the distribution network
Blackbird ... Data is fetched from a second source by a load balancer-like device
With Cloudfare, browsers visiting a website first hit the distribution network, which fires cached static content back to the browser or passes through dynamic content from the site's servers. For example, The Register is a Cloudflare customer: www.theregister.com resolves to a Cloudflare IP address, meaning your browser talks to Cloudflare first, and the web biz sorts out what pages and images to send back from its caches or on-the-fly from our backend servers.
Blackbird's patent describes something that may achieve similar results, but works in a totally different way: it sets out a means for "incorporating third party data into existing internet client/server connections." The browser connects to the website's server but a second source is allowed to inject stuff into the stream to help out the original backend.
It even recommends using special HTML tags to trigger this injection – just like old-school server side includes – which takes the technology even further away from Cloudflare's automatic handling of static and dynamic content.
In our view, from a quick read of the documentation, Blackbird's design sounds remarkably different to Cloudflare's approach. Critically, the server-side includes described in the patent have been around well before the patent was filed: Apache, for example, had them as early as 1996, meaning the design may be derailed by prior art.
But we're not lawyers, we're just scribes who understand networks. It's now up to Cloudflare and Blackbird to convince a court who is right and who is wrong.
This is the first time Cloudflare has faced a claim from a patent troll, we're told. Prince said that, while Cloudflare was ready for this kind of litigation, what he and his legal team found when he looked into Blackbird shocked them.
Rather than a corporation that hires outside lawyers to pursue infringement claims, Blackbird is a small law firm strapped to a war chest of patents. It is an all-in-one form-filling, claim-filing robot. It has no extra baggage and no expensive legal bills to pay, making it a rather lean and mean machine.
"In the past, patent trolls had to hire lawyers and law firms," Prince said. "These guys do away with it entirely and have the owner be a law firm themselves."
Because Blackbird is owned by the attorneys who pursue its cases, Prince explained, they are able to file lawsuits without having to worry about lawyer fees. This, he said, allows them to scoop up patents on the cheap and fire off multiple "lottery ticket" infringement claims for nothing more than the court filing fees. It allows for a machine-gun attack on companies, with patent infringement claims the bullets.
"This is a unique case. They pose an amplified risk to innovative companies everywhere," Prince said. "You can see by the volume of the lawsuits they filed, they have optimized patent trolling to a level that can inflict maximum damage."
Now, instead of just fighting to invalidate the single patent in their case, Cloudflare is backing a campaign to have all of Blackbird's patent holdings – roughly 70 of them – declared invalid for future litigation.
To achieve this, Cloudflare has ring-fenced $50,000 in bounties for prior-art proof to challenge Blackbird's holdings. Of that prize pot, $20,000 will pay those who find prior art on the '335 patent, and $30,000 for other patents.
In addition, Prince says Cloudflare plans to file with the state bar associations in Illinois and Massachusetts, where Blackbird's principal attorneys reside, alleging that by owning the patents they litigate, Blackbird lawyers are committing clear ethical violations.
In the end, Cloudflare is hoping that the legal offensive sends a clear message that would-be patent trolls should steer clear.
"If we invalidate every Blackbird patent, that would be a success," Prince said. "But the end game goes well beyond that, we are setting a precedent that if you come after us, we come after you."
Blackbird could not be reached for comment on Wednesday. ®
For those of you wondering if this righteous campaign to annihilate a patent troll is an atonement for throwing people to neo-Nazi wolves, we're told the above prior-art bounty has been in the works for weeks, well before Cloudflare's privacy cockup was exposed earlier this month.
Cloudflare provides its services for, among many other outfits, prominent white supremacist and neo-Nazi websites. If you complained to Cloudflare about this racist garbage, it would, as per its free-speech policies, forward those messages to the hate sites' administrators to deal with – including the complainants' names and email addresses. As a result, that's caused some people writing to Cloudflare to be harassed and abused by rather nasty pieces of work.
The San Francisco biz realized back in 2014 that this policy was flawed. By 2015, it updated its abuse report forms to read: "Cloudflare will forward all abuse reports that appear to be legitimate to the responsible hosting provider and to the website owner."
That disclaimer obviously wasn't clocked by netizens, so now Cloudflare gives people the option to disclose or withhold their contact details when submitting a complaint about a website on its network. "While we clearly had a significant blindspot in how we handled one type of abuse reports, we remain committed to our belief that it is not Cloudflare's role to make determinations on what content should and should not be online," said Prince in a blog post on Thursday.