As I have reiterated in several articles on defence-related inventions (most recently in issue 73 of MARCHAMOS magazine – in Spanish), the publication of patent applications at 18 months from the filing or priority date is one of the fundamentals of the patent system. This is evident from the etymology of the term “patent” which derives from the Latin patents- entis and in turn from “patere” (“to be exposed” or “to be obvious”).
However, it should not be forgotten that all patent applications must be kept in safe custody and not be published until the period of 18 months from the filing or priority date has elapsed, which can sometimes be shortened if early publication of the application is requested, which is provided for in most patent laws. The applicant is counting on the fact that their invention will not be disclosed before 18 months and it is the responsibility of the Patent Offices to ensure that such early disclosure does not occur. Occasionally patent applications have been published by mistake before 18 months, but the main threat to such unpublished applications comes from unauthorised access to such information.
There have always been concerns about the security of unpublished patent applications. As early as 1956, in this letter (available in the CIA’s declassified information database), a retired US Army colonel, probably working as a patent agent for the company “Toulmin & Toulmin”, complained to the CIA. He was concerned about the lack of attention paid in his opinion by the leadership of the USPTO and the Department of Commerce to the danger that the contents of pending patent applications held by the USPTO could be leaked. The retired colonel refers to an earlier letter signed by the FBI Director J. Edgard Hoover, who had replied that there was no legal basis for action in this matter.
Concerns about a possible unauthorised access to unpublished patent applications surfaced again during the previous campaign for the election of the WIPO Director General, where the Chinese candidate had a good chance of winning the post. In the United States, one of the arguments used to try to convince other countries against a Chinese Director General was that it would make it easier for Chinese intelligence services to gain access to such information. James Pooley, former Deputy Director General of WIPO, stated that “the biggest problem is that there is a massive storage of trade secrets at WIPO”. This clearly refers to the unpublished PCT patent applications. “The security is very strong, but for the guy with the key, the strong security doesn’t matter”. It was even suggested that the US might leave WIPO for this reason if China happened to win the Directorate General.
The main threat to the content of unpublished patent applications today is posed by hackers, sometimes enemy states, who are a menace to all kinds of private data.
It is not easy to obtain information on situations in which the content of unpublished patent applications has been accessed, as the Patent Offices try to hide this type of situation, due to the alarm that would be created. However, the USPTO has always been characterised by its transparency and we are therefore aware that a situation of this type occurred in 2012. Only bibliographic and file processing data was accessed. Perhaps, it was because of the low danger of the situation that this was disclosed. In 2018 the USPTO announced that unauthorised access to and manipulation of trademark data had been attempted.
An audit carried out in 2018 revealed that the USPTO’s cybersecurity was at risk. The issue 51 of MARCHAMOS magazine disclosed that in 2014 the OEPM (Spanish Patent and Trademark Office) had suffered an attack by the ransomware-type cryptolocker virus.
Last December 2021, a very serious vulnerability related to JAVA was reported, specifically a critical vulnerability in Apache Log4j. Large patent offices such as the USPTO and the EPO (European Patent Office) took measures to avoid being affected by this vulnerability.
As reported on CNN, the USPTO suspended outside access to its computer systems for 12 hours. The European Patent Office published an announcement on its website stating that they were on alert and taking the necessary measures to avoid being affected by the vulnerability.
Although nowadays there are many sectors in which it is necessary to be alert to prevent possible cyber-attacks, Patent Offices have a great responsibility in view of the legal obligation to prevent access to patent applications before the publication date. Therefore, Patent Offices must endeavour to keep their level of cybersecurity one step ahead.
Leopoldo Belda Soriano
Proofread by Ben Rodway