Data security in the cloud is a popular topic these days. Web-based applications offer certain advantages over the traditional desktop applications, such as cross-platform compatibility and ease of access. But what about using the cloud for preparing highly confidential documents like patent applications? Currently, most patent professionals rely on Microsoft Word and various non-networked add-ins for working on their unfiled patent applications. Should one instead use a web-based service for patent proofreading or drafting before these applications are filed in the Patent Office?
The short answer is “probably not,” mostly due to the highly sensitive nature of unfiled patent applications. The advantages of the cloud services currently do not outweigh the potential risks to your clients’ confidential information in the cloud, especially when more capable and secure (i..e, not network-based) software products are available. Below we outline some of the basic issues associated with cloud processing of patent applications.
Loss of Control Over Your Confidential Documents
An unfiled patent application for a great idea is like a winning lottery ticket, but you cannot claim your prize unless you are the first one to the Patent Office. However, as soon as you upload your sensitive documents to the cloud, you lose control over them. Do you really trust your cloud service provider? Uploading your documents into the cloud means sending sensitive data into the servers that are likely scattered across the globe, without those locations always being clearly defined. Once a document leaves your computer, you will have very little ability to personally ensure that your information is safe, stored in the appropriate location, or prevent leaks or unauthorized disclosures. Even if a cloud service provider assures you of encryption between your computer and their servers or promises to delete your documents after processing, you really do not have control or insight into how they will actually handle internal security, caching, temporary files, and so on. After all, we do hear news of rampant data exposures all the time. Moreover, recently discovered of Meltdown and Spectre microprocessor vulnerabilities make it potentially possible to steal sensitive data from multiple customers of cloud service providers. You may also not like how the cloud provider uses your confidential information. For example, some large providers, such as Google, might scan or allow 3rd parties to scan your cloud data.
One-Sided Service Agreements
What happens if a data breach does occur? Major cloud service providers, such as Amazon, Google, and Microsoft, typically offer standardized agreements that generally favor cloud service providers over end-users on many key issues. For example, these standard agreements often lack well-defined guarantees about data privacy or security, and liability for data breach is usually limited to the value of a month or year of service, which is not adequate to cover loss of sensitive data, such as disclosure of subject matter in unfiled patent applications. As a result, should a leak or disclosure happen, the outcome in terms of provider liability is quite uncertain.
Possible Loss of Privacy
If you read through agreements of the major cloud providers, you will often notice certain provisions allowing for data disclosure, particularly under the law of the United States. Therefore, even if your data isn’t stolen or published, it might still end up being viewed by the governments of the countries where the cloud providers or their servers are located. Indeed, many thousands of requests for user data are sent to Google, Microsoft, and other businesses each year by government agencies. Most of the time, these companies hand over at least some information stored in their clouds.
Risk of Inadvertent Export Control Violation
Uploading your patent applications into the cloud means potentially exporting your information abroad to often unknown locations, making it quite easy to run afoul of the export control laws. For example, uploading documents into to the cloud for drafting or patent proofreading may be considered an export of technology the cloud provider’s servers are in another country. Many U.S. companies fail to realize that certain commercial technologies and their discussion in patent applications are subject to the International Trafficking in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) as defense technologies. Uploading such ITAR or EAR-covered applications into the cloud can therefore expose your company to stiff penalties and denial of export privileges, among other problems.
Direct Risk to Patent Practitioner
As a patent practitioner, you may personally feel sufficiently confident about using a web service for patent drafting or patent proofreading before filing an application, but what about your clients? How would they feel if they knew that you uploaded their confidential data into the cloud? Have you obtained their explicit permission to use third-party cloud services for drafting or proofreading their apps or Office Action responses or are you violating their confidentiality agreement by doing so? Have you also considered that using such services might not only damage your client relationships, but personally expose you to litigation risk? For example, should a breach or loss of an invention occur because you’ve used a cloud-based service, will you be personally liable for the loss of information? Do you have enough malpractice insurance to cover yourself in such event? Notably, it is unlikely that you will get much recourse from the cloud service provider in the event of a data breach.
Technical Limitations of Cloud-Based Patent Proofreading/Drafting Services
Web-based services may offer easier cross-platform compatibility and deployment, but because they are not natively integrated with Word, they lack many drafting automation tools that are only available in Word add-ins, such as ClaimMaster. Web applications may also advertise to be faster than local software, but as you still need to upload your documents to the cloud before using their tools, the end-to-end processing for your documents may be the same or slower than with a Word add-in. You also cannot use web applications if you do not have reliable Internet access, such as in the airport or on the road. On the other hand, Word add-ins are always available on your computer, regardless of whether you have fast Internet connectivity.
In summary, using web-based patent proofreading or drafting services exposes you to potential risks that outweigh any purported benefits of these web services. Moreover, other safe, not-networked and feature-rich software tools are already readily available for patent drafting and patent proofreading directly inside Microsoft Word. Nevertheless, if do you decide to use a cloud-based service, first make sure to get your clients’ explicit permission and select a provider very carefully, ensuring that your service agreement adequately coves you and your clients on issues related to data security, storage/processing location, and liability.