Stupid Patent of the Month: JP Morgan Patents Interapp Permissions (Electronic Frontier Foundation)

We have often criticized the Patent Office for issuing broad software patents that cover obvious processes. Instead of promoting innovation in software, the patent system places landmines for developers who wish to use basic and fundamental tools. This month’s stupid patent, which covers user permissions for mobile applications, is a classic example. 

On August 29, 2017, the Patent Office issued U.S. Patent No. 9,747,468 (the ’468 patent) to JP Morgan Chase Bank, titled “System and Method for Communication Among Mobile Applications.” The patent covers the simple idea of a user giving a mobile application permission to communicate with another application. This idea was obvious when JP Morgan applied for the patent in June 2013. Even worse, it had already been implemented by numerous mobile applications. The Patent Office handed out a broad software monopoly while ignoring both common sense and the real world.

The full text of Claim 1 of the ’468 patent is as follows:

A method for a first mobile application and a second mobile application on a mobile device to share information, comprising:

the first mobile application executed by a computer processor on a mobile device determining that the second mobile application is present on the mobile device;

receiving, from a user, permission for the first mobile application to access data from the second mobile application;

the first mobile application executed by the computer processor requesting data from the second mobile application; and

the first mobile application receiving the requested data from the second mobile application.

That’s it. The claim simply covers having an app check to see if another app is on the phone, getting the user’s permission to access data from the second app, then accessing that data. 

The ’468 patent goes out of its way to make clear that this supposed invention can be practiced on any kind of mobile device. The specification helpfully explains that “the invention or portions of the system of the invention may be in the form of a ‘processing machine,’ such as a general purpose computer, for example.” The patent also emphasizes that the invention can be practiced on any kind of mobile operating system and using applications written in any programming language. 

How was such a broad and obvious idea allowed to be patented? As we have explained many times before, the Patent Office seems to operate in an alternate universe where the only evidence of the state of the art in software is found in patents. Indeed, the examiner considered only patents and patent applications when reviewing JP Morgan’s application. It’s no wonder the office gets it so wrong.

What would the examiner have found if he had looked beyond patents? It’s true that in mid-2013, when the application was originally filed, mobile systems generally asked for permissions up front when installing applications rather than interposing more fine-grained requests. But having more specific requests was a straightforward security and user-interface decision, not an invention. Structures for inter-app communication and permissions had been discussed for years (such as here, here, and here). No person working in application development in 2013 would have looked at Claim 1 of the ’468 patent and think it was non-obvious to a person of ordinary skill.

JP Morgan’s “invention” was not just obvious, it had been implemented in practice. At least some mobile applications already followed the basic system claimed by the ’468 patent. In early 2012, after Apple was criticized for allowing apps to access contact data on the iPhone, some apps began requesting user permission before accessing that data. Similarly, Twitter asked for user permission as early as 2011, including on “feature phones”, before allowing other apps access to its data. Since it didn’t consider any real world software, the Patent Office missed these examples.

The Patent Office does a terrible job reviewing software patent applications. Meanwhile, some in the patent lobby are pushing to make it even easier to get broad and abstract software patents. We need real reform that reduces the flood of bad software patents that fuels patent trolling.

Posted in Uncategorized Tagged

Electronic Frontier Foundation, ACLU Win Court Ruling That Police Can’t Keep License Plate Data Secret (Electronic Frontier Foundation)

Police Have Collected Data on Millions of Law-Abiding Drivers Via License Readers

San Francisco, California—The Electronic Frontier Foundation (EFF) and the ACLU won a decision by the California Supreme Court that the license plate data of millions of law-abiding drivers, collected indiscriminately by police across the state, are not “investigative records” that law enforcement can keep secret. 

California’s highest court ruled that the collection of license plate data isn’t targeted at any particular crime, so the records couldn’t be considered part of a police investigation. 

“This is a big win for transparency in California,” attorney Peter Bibring, director of police practices at the ACLU of Southern California, which joined EFF in a lawsuit over the records.  “The Supreme Court recognized that California’s sweeping public records exemption for police investigations doesn’t cover mass collection of data by police, like the automated scanning of license plates in this case. The Court also recognized that mere speculation by police on the harms that might result from releasing information can’t defeat the public’s strong interest in understanding how police surveillance impacts privacy."

The ruling sets a precedent that mass, indiscriminate data collection by the police can’t be withheld just because the information may contain some criminal data. This is important because police are increasingly using technology tools to surveil and collect data on citizens, whether it’s via body cameras, facial recognition cameras, or license plate readers.

The panel sent the case back to the trial court to determine whether the data can be made public in a redacted or anonymized form so drivers’ privacy is protected.

“The court recognized the huge privacy implications of this data collection,” said EFF Senior Staff Attorney Jennifer Lynch. “Location data like this, that’s collected on innocent drivers, reveals sensitive information about where they have been and when, whether that’s their home, their doctor’s office, or their house of worship.”

Automated License Plate Readers or ALPRs are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. The Los Angeles Police Department (LAPD) and the Los Angeles County Sheriff's Department (LASD) collect, on average, three million plate scans every week and have amassed a database of half a billion records.

EFF filed public records requests for a week’s worth of ALPR data from the agencies and, along with American Civil Liberties Union-SoCal, sued after both agencies refused to release the records.

EFF and ACLU SoCal asked the state supreme court to overturn a lower court ruling in the case that said all license plate data—collected indiscriminately and without suspicion that the vehicle or driver was involved in a crime—could be withheld from disclosure as “records of law enforcement investigations.”

EFF and the ACLU SoCal argued the ruling was tantamount to saying all drivers in Los Angeles are under criminal investigation at all times. The ruling would also have set a dangerous precedent, allowing law enforcement agencies to withhold from the public all kinds of information gathered on innocent Californians merely by claiming it was collected for investigative purposes.

EFF and ACLU SoCal will continue fighting for transparency and privacy as the trial court considers how to provide public access to the records so this highly intrusive data collection can be scrutinized and better understood.

For the opinion:

For more on this case:


Senior Staff Attorney
ACLU SoCal Press & Communications Strategist
Posted in Uncategorized Tagged

Log4j 2.9 released (Apache Software Foundation Blogs)

The Apache Log4j 2 team is pleased to announce the Log4j 2.9.0 release!

This release contains the first support of Java 9 as well as bugfixes and minor enhancements. The Log4j API was modified to use java.util.ServiceLoader to locate Log4j implementations, although the former binding mechanism is still supported. The Log4j jar is now a multi-release jar to provide implementations of the Java 9 specific classes. Multi-release jars are not supported by the OSGi specification so OSGi modules will not be able to take advantage of these implementations but will not lose functionality as they will fall back to the implementations used in Java 7 and 8. More details on the new features and fixes are itemized below.

Note that subsequent to the 2.9 release, for security reasons, SerializedLayout is deprecated and no longer used as default in the Socket and JMS appenders. SerializedLayout can still be used as before, but has to be specified explicitly.

Apache Ignite Community Update (August 2017 Issue) (Apache Software Foundation Blogs)

by Tom Diederich

Igniters, here are some community highlights from the last couple week. If I missed anything, please share it here. Meetups! Did you know that Apache Ignite experts are available to speak at your meetup? And we also have spots open for YOU to speak at the following meetups that some of us co-organize:

Meanwhile, here’s where to catch some great talks about Apache Ignite! We have 19 newly scheduled meetup talks on the books since the last update. All upcoming Ignite events can be found here. Let’s take a closer look at some of them….

Scheduled speaking engagements

* Sept. 9: Big Data and Cloud Meetup (Santa Clara, Calif.)

Apache Ignite PMC chair Denis Magda will be speaking at the Big Data and Cloud Meetup September 9 from 10 a.m. to noon. His talk is titled: "Apache Spark and Apache Ignite: Where Fast Data Meets the IoT".

* Sept. 13: SF Big Analytics Meetup

Denis Magda will be the featured speaker at the SF Big Analytics Meetup on Sept. 13. Denis' talk is titled: "Apache Ignite: the in-memory hammer in your data science toolkit."

* Sept. 18: Meetup: Cambridge .NET User Group

Apache Ignite evangelist Akmal Chaudhri will speak at the Cambridge .NET User Group Sept. 17. The title of his talk: "Scale Out and Conquer: Apache Ignite for .NET Users."

* Sept. 21: Joint meetup! Bay Area In-Memory Computing Meetup & SF Spark and Friends

* Sept. 27: New York Kubernetes Meetup

Apache Ignite evangelist Akmal Chaudhri will focus on a DevOps perspective on the orchestration of distributed databases such as Apache Ignite. Akmal will speak on node auto-discovery, automated horizontal scalability, availability, and utilization of RAM and disk with Apache Ignite.

* Oct. 4: Openstack & Ceph User Group Amsterdam

Apache Ignite evangelist Akmal Chaudhri will show attendees how to build a Fast Data solution that will receive endless streams from the IoT side and will be capable of processing the streams in real-time using Apache Ignite's cluster resources.

* Oct. 13: Big Data Week London 2017: A Festival of Data (conference)

Akmal Chaudhri will be speaking at the Big Data Week conference Oct. 13 in London. His talk, titled "Powering up banks and financial institutions with distributed systems," will educate attendees about important Apache Ignite features for financial applications -- such as ACID compliance, SQL compatibility, persistence, replication, security, fault tolerance and more.

* Oct. 18: Silicon Valley Java User Group

Join Apache Ignite PMC Chair Denis Magda will introduce the many components of the open-source Apache Ignite. His talk, titled, “Catch an intro to Apache Ignite and skyrocket Java applications,” will teach attendees how to solve some of the most demanding scalability and performance challenges. He will also cover a few typical use cases and work through some code examples.

* Oct. 19: Eurostaff Big Data London

Apache Ignite evangelist Akmal Chaudhri will show attendees how to build a Fast Data solution that will receive endless streams from the IoT side and will be capable of processing the streams in real-time using Apache Ignite's cluster resources.

* Oct. 24: Spark Summit Europe 2017 (conference)

Akmal Chaudhri will be presenting at the Spark Summit Europe conference, Oct. 24-26 at the Convention Centre Dublin in Ireland.  His session is titled: "How to Share State Across Multiple Spark Jobs using Apache Ignite."

* Nov. 2: Byte-Academy-FinTech-Python-Blockchain-Education Meetup (London)

In his talk, titled, "Powering up banks and financial institutions with distributed systems,” Apache Ignite technical Akmal Chaudhri will explain important Apache Ignite features for financial applications -- such as ACID compliance, SQL compatibility, persistence, replication, security, fault tolerance and more. A customer case study will also be presented.

Blog posts



Past webinars (recordings available!)

Deploy like a Boss: Using Kubernetes and Apache Ignite, with GridGain solution architect Dani Traphagen.