[Patentpractice] Interesting notice from USPTO re data breach

Carl Oppedahl carl at oppedahl.com
Mon Apr 29 10:44:03 UTC 2024 

I consider it vanishingly unlikely that the CIO successfully 
communicated this /mea culpa/ Notice to all or even most of the US 
patent applicants whose invention titles got revealed to third parties.

A few minutes ago I received the same /mea culpa/ Notice that Dan 
received, in one of my recently filed US patent applications for one of 
my clients.  The Notice is attached.  The reason I received the Notice 
is simple -- I myself carried out a recordation in Ass. Center against 
that US patent application.  So I was given the opportunity to see the 
title of an application that I myself had filed.  No harm, no foul.

What the CIO did, I expect, was to generate a report of all /*completed 
*/recordation submissions that anybody carried out between February 5 
and March 29.  And yes of course in each of those recordations, the 
invention title got revealed, but common sense tells us that the vast 
majority of those filers were filers who already knew the invention 
title because it was an application that they already knew about 
(typically because they filed it in the first place).

Those who have made use of Ass. Center are very familiar with this part 
of the e-filing process.  You enter a US patent application number and 
click "next".  And then Ass. Center displayed the invention title.  You 
were then invited to look at the application title to decide whether you 
made any mistake when you entered the US patent application number.  If 
the title did not look familiar, maybe you mistyped a digit in the 
application number.  At that point, you would click the "back" button to 
enter a corrected application number, and you would proceed eventually 
to a "submit" screen.

What the CIO surely missed is all of the instances where an Ass. Center 
use made a mistake in the application number, and saw somebody else's 
invention title, and then went back and entered a corrected application 
number.  I am quite sure that Ass. Center never logged the instance of 
the incorrect application number having been entered /and then 
subsequently corrected/, prior to the "submit" button being clicked.  I 
am quite sure that the CIO has not communicated this /Notice of 
Potential Erroneous Release of Patent Application Titles /to the 
applicant whose incorrect application number had gotten entered by 
mistake by somebody else, because I am quite sure that those "incorrect" 
application numbers never got logged.

In round numbers, applicants file roughly half a million patent 
applications per year.  During the seven weeks that this defect in Ass. 
Center was displaying invention titles to third parties, something like 
eighty thousand patent applications got filed.  I'd guess that in maybe 
50% of those cases, somebody carried out an e-filing in Ass. Center.  
Yes, I realize the e-filings were partly for cases filed before Ass 
Center got rolled out.  But anyway, maybe Ass Center got used around 
forty thousand times during the duration of the data breach.

Then in recent days the CIO decided to send out this Notice.  I was one 
of the roughly forty thousand Ass. Center users who received the /mea 
culpa/ Notice, and in my case it was no harm, no foul.  I'd guess that 
the vast majority of the recipients were similarly in a no harm, no foul 
situation.

The vast majority of US patent applicants who /*did*/ have their 
invention titles revealed to a third party probably did not receive the 
CIO's /mea culpa/ Notice, because I am sure the developers of Ass. 
Center failed to log the mistyped application numbers.  If an applicant 
whose invention title got revealed in this way to a third party did 
receive the CIO's /mea culpa/ Notice, it would only be due to a 
coincidence that the applicant had by chance itself made use of Ass. 
Center during the time of the data breach.

What the USPTO ought to do, as a corrective step, is to publish the /mea 
culpa/ Notice in some prominent way on the USPTO's web site.  Only then 
is it likely that a significant fraction of the US patent applicants 
whose invention titles were revealed to third parties will learn of the 
data breach.


On 4/28/2024 3:39 AM, Dan Feigelson via Patentpractice wrote:
> I got the following in one of my cases. Supposedly posted yesterday 
> (Saturday, April 27)
>
> *Notice of Potential Erroneous Release of Patent Application Titles*
>
> On February 5, 2024, the United States Patent and Trademark Office 
> (USPTO), replaced the Electronic Patent Assignment System (EPAS) and 
> Electronic Trademark Assignment System (ETAS) with Assignment Center.
>
> Between February 5, 2024 and March 29, 2024, the USPTO, 
> unintentionally, through a computer programming error, permitted 
> bibliographic information to be viewed by unauthorized individuals 
> with access to registered Assignment Center accounts. This 
> bibliographic information was limited to the application number (the 
> two-digit series code plus the six-digit serial number) and title of 
> the invention.
>
> You are receiving this notification because your application ’spatent 
> title may have been viewed during that time frame by individual(s) who 
> lacked permission to do so . The software error was first reproduced 
> by USPTO on March 28, 2024, and was corrected on March 29, 2024. Only 
> application numbers and titles were disclosed; it is important to note 
> that your specification and claims were not part of the information 
> made available and were not accessed.
>
> Any improper access of the application information between the dates 
> of February 5, 2024 and March 29, 2024, is not considered a 
> publication of such applications under 35 U.S.C. 122(b). No rights in 
> United States patents are threatened by the access to unpublished 
> applications. It is extremely unlikely that the title could disclose 
> the invention in a way that would constitute patent- defeating prior 
> art in any jurisdiction. To the extent any issue is raised, the USPTO 
> will assist applicants by confirming that the disclosure was erroneous 
> and inadvertent.
>
> We’re committed to data security and are taking enhanced steps to 
> prevent incidents such as this from happening in the future. The USPTO 
> sincerely regrets this error and is instituting more testing controls, 
> both manual and automated testing, to prevent similar processing 
> errors in the future.
>
> Inquiries regarding this matter may be directed to Mark Polutta, 
> Senior Legal Advisor, at (571) 272-7709 or Andrew Stclair, Legal 
> Advisor, at (571) 270-0238, both of the Office of Patent Legal 
> Administration or via email addressed to ugPto.gov.
>
> Henry “Jamie” Holcombe
> Chief Information Officer
> US Patent and Trademark Office
> Office +1 (571)272-9400
>
> Dated: April 27 th , 2024
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240429/dee76ddb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: notice-of-revelation.PDF
Type: application/pdf
Size: 40539 bytes
Desc: not available
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240429/dee76ddb/attachment.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4514 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240429/dee76ddb/attachment.p7s>

More information about the Patentpractice mailing list