Skip to content
Policy

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch

Taking a bet on Whit Diffie, as the trial against "patent troll" TQP wraps up Monday.

Joe Mullin | 134
Whitfield Diffie and Newegg lawyer Alan Albright, outside the federal courthouse in Marshall, Texas. Credit: Joe Mullin
Whitfield Diffie and Newegg lawyer Alan Albright, outside the federal courthouse in Marshall, Texas. Credit: Joe Mullin

MARSHALL, TX—Newegg's courtroom face-off with patent-licensing giant TQP Development is nearing its end. TQP has sued hundreds of companies, saying it has patented the common Web encryption scheme of combining SSL with the RC4 cipher. Almost 140 companies have paid TQP a total of more than $45 million. But online retailer Newegg, which has sworn not to settle with "patent trolls" like TQP, took the case to a jury.

On Thursday, Newegg's top lawyer, Lee Cheng, took the stand. He was followed by a non-infringement expert and three well-known computer scientists who emphasized the importance of Newegg's "prior art."

Ron Rivest testified, via videotaped deposition, about how he invented the RC4 cipher while at RSA Security in 1987, two years before the TQP patent application was filed. Former Microsoft CTO Ray Ozzie described demonstrating Lotus Notes to Bill Gates in 1988. Alan Eldridge, who worked on the Notes product, flew down to Marshall in person to describe how he put RC4 in the software.

Eldridge wasn't paid, as expert witnesses were—he came down to testify against the Jones patent out of a feeling of "civic responsibility," he said. He didn't know who the defendants in this case were until he was told. "I hadn't even heard of New Age until Saturday," said Eldridge at one point, as laughs were stifled in the courtroom.

On Friday Newegg's star witness, cryptographer Whitfield Diffie, took the stand. Diffie's goal was to knock out the Jones patent with "clear and convincing" evidence (which is the standard for invalidating a patent).

Diffie looked the part of the eccentric genius, resplendent with his long white hair and beard. He spoke with a booming voice but carefully articulated manner; he was professorial but not overbearing. He could have been the amiable professor you wished you'd had in college.

Ars Video

 

TQP's patent, invented alongside Michael Jones' failed modem business, wasn't much of an invention at all according to Diffie's telling. It was a pre-Internet patent, describing an old method of encoding data. Internet security needed "public key" cryptography.

"We've heard a good bit in this courtroom about public key encryption," said Albright. "Are you familiar with that?"

"Yes, I am," said Diffie, in what surely qualified as the biggest understatement of the trial.

"And how is it that you're familiar with public key encryption?"

"I invented it."

A brief history of public-key crypto

In 1973, Diffie left his work at Stanford's Artificial Intelligence Lab to travel the country and learn more about cryptography.

"It was kind of a secret field at the time, and the literature was hard to find," said Diffie. "I was traveling around academic libraries digging up whatever I could."

The following year, he returned to Stanford and started his work with a professor there, Martin Hellman.

"I want you to put it in perspective for the court and for the jury," said Albright. "What is the problem that you two gentlemen saw that you were so worried about?"

The problem was vast, Diffie explained—nothing less than how to keep things private in a networked world. He recalled a conversation with his wife in 1973, sitting on a New Jersey park bench. "I told her that we were headed into a world where people would have important, intimate, long-term relationships with people they had never met face to face," he said. "I was worried about privacy in that world, and that's why I was working on cryptography."

At that time, the only encryption happened within "closed systems." IBM could encrypt information within its own company's networks, and Texas Instruments could encrypt on theirs. But some kind of courier would have to carry encryption "keys" to both companies before they could do so.

That was the "key distribution" problem Diffie strove to solve. "It's arranging to provide keys to two people who have never met before, who suddenly find themselves with a need to communicate," he explained. "This is much the way we visit websites these days."

There was one other big need: proving authenticity.

"The receiver of the document can come into court with the signed document and prove to a judge that the document is legitimate," he said. "That person can recognize the signature but could not have created the signature."

In spring of 1975, Diffie was "playing house husband" near Stanford, while his wife worked in San Francisco for British Petroleum. It was then, spending his afternoons unbothered working on cryptography, when he hit on a solution that could solve both the key distribution and authenticity puzzles. Public-key crypto could kill two birds with one stone.

"What I suddenly understood was that you could break the key into two pieces, and only one piece would have to be secret," said Diffie, speaking excitedly. "There would be a secret piece and a public piece."

In 1976, he published "New Directions in Cryptography" with Martin Hellman. The paper's cover sheet was displayed on the screen in court.

"Is it fair to say that the jury is looking at a little bit of history, in terms of cryptography?" asked Albright.

"You embarrass me," said Diffie. "But yes, I think it's fair."

The world of cryptography was utterly changed. Whereas there were "not more than a dozen or two" people working on cryptography outside government, "now there are thousands," Diffie explained.

Jones and Erich Spangenberg, the patent-licensing kingpin who owns TQP, have claimed that the Jones patent is fundamental to Internet commerce. They've sued hundreds of companies for infringing it.

Albright made sure the jury got one point clearly: it was Diffie's invention that ushered in the world of online commerce. "Would it be fair to say we wouldn't have Internet commerce without this?" asked Albright.

"I think where there's commerce, it will find a way," said Diffie. "But this has certainly smoothed that way a good deal."

Prior Art: Some software and a good old-fashioned textbook

After describing his history, it was time to take a shot at Jones' patent. There were two key pieces of prior art. First up was a 1982 textbook called Cryptography and Data Security by Dorothy Denning.

Credit: Denning
Albright showed the jury a diagram of a symmetric, "closed" cryptographic system from that book. "That diagram represents all cryptographic practice up to a few years earlier [than 1982]," explained Diffie. It also describes everything in Jones' patent. The "key generator" in Denning's book corresponded to the "pseudo-random number generator" talked about in the Jones patent; and every message block is encrypted and decrypted in the same manner.

Then he moved to the most-discussed piece of prior art: RC4, combined with Lotus Notes, an early e-mail and social networking product. TQP actually admits that the combination of RC4 and Lotus Notes anticipates its patent, but the organization argues that it was kept as a trade secret until after the "critical date" of October 6, 1988, one year before the patent filing.

Diffie ran through the timeline: Rivest invented RC4 in 1987. By January 1988, Lotus purchased the Notes product; the sale was complete. In April 1988, Rivest wrote to the National Security Agency asking for an "export license" for RC4—a step he wouldn't have taken unless the product was ready to go, said Diffie. That same month, Ray Ozzie showed Notes and RC4 to Bill Gates. In May of that year, the product was shown at Lotus Week, a huge computer show.

That meant Lotus Notes had been "offered for sale" even though Lotus Notes wasn't actually shipped to the public until December 1989. Paying for something before you get it isn't unusual, he reminded jurors.

"This happens in commerce all the time," he said. "You can go to a car dealer, and you look around the lot... but you don't like any exact one that's there. You give the salesman a list of the features you want, and you pay for the car. They send word off to Detroit, and Dearborn builds it for you, and a few weeks later, your car shows up, and you drive it away."

Diffie's testimony went on some time, but he seemed to have the jury in the palm of his hand. A few jurors laughed at his jokes and smiled, and the more serious ones were certainly focused on his testimony. After about two hours, Albright passed the witness.

A stunning attack

One might imagine an opposing attorney would handle a famous witness, who had just connected with the jury, carefully. TQP lawyer Marc Fenster could have acknowledged Diffie's accomplishments while arguing that his client—an admittedly little guy—still should get his rights, his little piece of "intellectual property."

That's not what Fenster did. He went on the attack.

"You never completed a master's degree, correct?" he asked Diffie.

"That's correct," said Diffie.

"Other than the honorary degree, you don't have an earned doctorate or Ph.D. correct?"

"That is correct," said Diffie.

And even though he taught a few courses, "you never had a real professorship, correct?" asked Fenster.

"I never had a full-time academic job, no."

Fenster noted that while Diffie was testifying in court for the first time, he had other expert witness work lined up. His rate varies from $500 to $600 per hour, and it's $700 for testifying in court.

"Your agent helps you to get expert witness jobs, is that right?"

"Actually, no," said Diffie. "My agent handles the arrangements with my clients. All of the jobs have come in directly through me."

Then Fenster mounted an even more surprising strategy: he pursued a line of questioning suggesting that it was Diffie who was being misleading about his own invention.

"Dr. Diffie, you agree that you can still be an inventor on a patent even though others may have invented the same thing earlier but kept their invention secret, correct?" asked Fenster.

"Under some circumstances, yes," answered Diffie.

"In fact, Dr. Diffie, you have some personal experience with this particular aspect of the patent law, don't you?"

"You'll have to remind me," answered Diffie.

Then Fenster dropped this bombshell: "Dr. Diffie, you were not the first to invent public key cryptography, were you?"

"I believe that I may have been," said Diffie, speaking cautiously. "But perhaps you could be more specific?"

"In fact, a gentleman named James Ellis in England invented it before you, right?"

Diffie sighed. He seemed, suddenly, almost tired. He had heard this one before. "I spent a lot of time talking to James Ellis, and I can't figure it out," he said. "James Ellis did very fine work."

Fenster pulled up the history website for the Institute of Electrical and Electronics Engineers, a page that displayed "milestones" in engineering dating back to 1800. The page showed James Ellis, not Diffie, as the inventor of public-key cryptography. Ellis made the breakthrough at the British GCHQ intelligence agency but kept it secret. With these discoveries, the essential principles were known but "were kept secret until 1997," stated the IEEE page.

"It describes this invention as being accomplished by James Ellis in Britain's government, correct?" asked Fenster.

"It does."

"And it does not list you as the inventor or credit you with the invention of public key cryptography, correct?"

"Correct."

The article described Ellis as inventing public key cryptography in 1969 but keeping it confidential until 1997.

"Let's read together," said Fenster. Reading the website, he intoned: "All of the essentials of public key cryptography had been discovered by Ellis and two others by 1975."

"That's what it says," said Diffie.

"And by that time, the public recognition of the invention of public key cryptography had been allocated to the researchers at Stanford and MIT—correct?"

"That's what it says."

"So, in fact, according to the IEEE, someone else invented public key cryptography before you, correct?"

"I disagree," said Diffie. "Ellis' paper is in no sense enabling. [His partner] Malcolm Williamson's paper enables Diffie-Hellman, and it was an internal secret note written two months after I presented that at the largest computer conference in the world."

Diffie said he sought out those three inventors himself and talked to them "extensively" about their work. He started those discussions in 1982, and they continue to the present.

"Dr. Diffie, you were entitled to your patent because the alleged prior inventor kept it secret, right?"

"The alleged prior inventors not only kept it secret but did very little with it," said Diffie. "In James Ellis' words to me: 'You did a lot more with it than we did.'"

If Fenster wanted to talk about other claims to the public-key crypto breakthrough, Diffie seemed suddenly happy to help him out. He started bringing out his own examples.

"When the director of NSA spoke to Congress, in about 1977, he rather perversely made the claim that NSA had invented these things a decade earlier," said Diffie. "Both the time and the credit seem a little bit off. But there was a steady sort of attempt to claim credit for this, without releasing documents, until 1997."

After Fenster finished, Albright went back to the podium and gave Diffie a chance to regroup and explain. In the US National Inventors' Hall of Fame, Albright pointed out, it was Diffie who was credited with the invention.

"Would you explain to the jury why it is that you represented to them here in open court under oath that you were the inventor?"

"I've studied this with some care," said Diffie. He continued:

The short answer would be that James Ellis' work in 1969 and 1970 certainly does not teach the methods. Personally, I find that paper incomprehensible. I'm not clear how anybody became convinced of anything from it.

Williamson wrote a paper—an internal, secret paper at GCHQ that is dated the eighth of August, 1976, or close to that—two months after I presented the Diffie-Hellman key exchange at the National Computer Conference in New York.

My view is that they did very fine work. I think my conception of public key was clearer than James Ellis'. But every time we have been given awards on this, I have cited those people and praised them for the work they did.

By the time Diffie finished testifying, it was near the end of the day. Then came another stunner: Newegg rested its case. It did so without putting on its expert witness to rebut TQP's $5.1 million damage claim—even though documents in the court docket clearly indicate the company had such a witness.

Defendants put on damage experts as a matter of course in patent cases, so not doing so here is a huge bet. It suggests Newegg is hoping strongly enough for a straight win that it believes more focus on damages would be counterproductive.

TQP's final witness, Dr. Tom Rhyne, is an expert to rebut Diffie. His testimony will continue to Monday and will be followed by closing arguments. After that, the fate of Newegg and the Jones patent will be in the hands of the jury. A verdict could come by Monday evening.

Listing image: Joe Mullin

Photo of Joe Mullin
Joe Mullin Tech Policy Editor
Joe has covered the intersection of law and technology, including the world's biggest copyright and patent battles, since 2007.
134 Comments
Prev story
Next story