Last week, RFID access device company HID Global got IOActive researcher Chris Paget to pull his talk from Black Hat DC because they claimed that demonstrating how to clone RFID cards violated their patents in card readers. Are they nuts? Unfortunately, IOActive, which probably holds several patents of its own and wants to look like an upstanding respecter of intellectual property rights, backed down and the talk went unmade. While I am not a patent lawyer, the claim seems both colorable and totally weak. Colorable, because if the card reader patents are valid and the claims are drafted broadly enough, then a homebrew card reader just might infringe. Totally weak, because even if the patents are valid, and the reader infringes, and HID Global decided to pay expensive patent lawyers to sue, the damages in the case, even if trebled, would be achingly small (the licensing fee for a single device). My Wired News column from this past Wednesday (Wired News link) is about this brouhaha. In the column, I heap scorn upon HID, but I do wish that IOActive had pushed the issue. I'm sure a flurry of lawyers would have rushed to their defense.
The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.