Digital Timestamping Service

What is “Digital Timestamping Service”?  What is the problem for which “Digital Timestamping Service” is the solution?  This blog article discusses these questions.

The problem to be solved is that I have a data file that I care about, and TYFNIL I want to be able to prove to anyone who will listen that I was in possession of this exact data file at least as early as date T.  Given the title of this blog article, the alert reader will already have realized that where I am going must be that Digital Timestamping Service must be the solution for this problem.  And of course that is where I am going.  Having said that, let’s review the previous 150 years of ways that the intellectual property community has addressed this problem.

When I was first in practice, the solution to this problem was, you print out the data file on paper, you send it to the USPTO on date T, you pay the “disclosure document” (“DD”) fee, and you get the USPTO to record it as a “disclosure document”. And then TYFNIL if anybody wondered whether I was telling the truth about having been in possession of the document on the date T, they would say “surely the USPTO would not lie about this just to favor Mr. Oppedahl”. 

There were two problems about this DD approach.  A first problem about this approach is that the USPTO would only promise to preserve the DD records if the filer happened to subsequently use the DD in connection with a US patent application. Otherwise USPTO would discard all records of the DD after a year or so. So TYFNIL, you were nowhere unless you happened to have filed a subsequent US patent application citing the DD.

The second, far more serious problem with this DD approach is that to make it work, you have to send the document itself to the USPTO.  This means that the information that is to be protected is, by definition, communicated to a third party, namely to the USPTO.  If the information to be protected happens to be in the nature of a trade secret, then the DD approach is not ideal.

In my own firm’s practice the next protection mechanism that became available was the provisional patent application.  Provisional applications became available in the USPTO in about 1998.  To make use of this protection mechanism, I would take the data file of interest, print it to a PDF, e-file the PDF at the USPTO on date T, pay the “provisional patent application” fee, and get the USPTO to grant a filing date. And then if anybody wondered whether I was telling the truth about having been in possession of the document on the date T, they would say “surely the USPTO would not lie about this just to favor Mr. Oppedahl”.

Which then reminds us that “proof of possession of a document” was actually addressed long before I started my patent firm.  Perhaps the earliest mechanism established in the intellectual property community was that of the Paris Convention for the Protection of Industrial Property, adopted in 1883.  The Paris Convention defined the “certified copy”.  The “certified copy” was a physical document, bearing a physical certification from a patent office or trademark office or design office.  This “certified copy” was the definitive way for a person to prove to a patent office or trademark office or design office that they had been in possession of a particular document on date T.  This “certified copy” mechanism continues to be in use to this day, some 140 years later, augmented by WIPO’s DAS system which provides electronic certified copies which take the place of physical certified copies.

The way that you know you can trust a physical certified copy under the Paris Convention is along the lines of “certainly no one could fake this very fancy looking gold seal” and “no one could have slipped an extra page into this multipage document because there is a ribbon that passes through all of the pages and it is glued under this gold seal”.

A moment’s reflection reminds us that the intellectual property community offers other time-stamped proof mechanisms.  The USPTO, for example, has for many decades offered its recordation systems EPAS and ETAS for patent and trademark assignments.  When you record an assignment, what you get is a “reel and frame number” which is a pointer to a place on a reel of microfilm that USPTO says is trustworthy. It shows a “date recorded” and you can with a visit to a microfilm reader, see what was recorded at that reel and frame number.

When I was first in practice the way that you knew you could trust the reel and frame numbers was that the USPTO followed a practice of making copies of the microfilm reels and distributing them to depositary libraries across the United States.  The idea was “no one could fake this because they would have to get all of the libraries to join in the deception and there is no way they would succeed”.

Here is my personal favorite intellectual property date-stamped proof-of-possession mechanism.  Look at my certificate of completion of the WIPO PCT Distance Learning Course.  In the lower right corner is the thing “qlDA7pbzFA” that WIPO preserves in perpetuity.  This string of characters permits me to to claim that someone with my name passed that course on that day. I’d guess it is a crypto signed hash of (1) my name and (2) the date that I completed the course and (3) the name of the course.

But wait until I tell you about the absolute stupidest approach that anyone could ever think of for proof-of-possession in the context of intellectual property.

It is the “source code deposit” as defined in Circular 61 of the US Copyright Office. The applicant is in possession of an item of computer source code, and they carry out a “copyright registration”, and the idea is that TYFNIL the court will compare the accused software work with the source code that was registered.  At filing time the applicant sent a “Circular 61 deposit” to the Copyright Office.  This deposit is the thing that would be used, TYFNIL, as the way of proving that the claimant was in possession of that body of source code on that date T.  And what is the deposit as defined in Circular 61? Since 1978, this is how it has worked.  The applicant prepares a printout of the first fifty pages and last fifty pages of that body of code. And the filer is permitted to redact up to 49% of the characters in the printout.

I am astonished to tell you that today in 2019 this is still how a copyright claimant in the US Copyright Office registers the copyright in a body of source code.  Thirty-nine years have passed, and still the Copyright Office uses this approach as the time-stamped proof-of-possession mechanism for computer source code.

If the document is 200 pages long, or 1000 pages long, or 10000 pages long, we print out the first and last fifty pages, and we run them through a redacting process that randomly changes 49% of the characters to black rectangles. The 100 pages in the middle, or the 900 pages in the middle, or the 9900 pages in the middle, are omitted from the deposit.  TYFNIL, the parties to the litigation look at the deposit which had been preserved at the US Copyright Office, and compare this with the accused infringing work, to see whether unauthorized copying took place. Oh and the claimant (plaintiff) proffers the actual source code file from ten years earlier, and says “now for the first time I will show you what was in the 100 or 900 or 9900 pages in the middle” and everyone is supposed to trust the plaintiff that they are not making this up about what was in those 100 or 900 or 9900 pages in the middle.

If you were to set a goal of making up a crazy stupid time-stamped proof-of-possession approach that was stupider than any other, it would not be within your ability to think of one as stupid as this one.  Thirty-nine years have passed and the Copyright Office has not gotten a clue about this.

Anyway circling back around to Digital Timestamping Service, which is the point of this blog article.

So now in 2019 I might want to be able to prove to anybody who will listen that I was in possession of some data file at least as early as date T. And in 2019 the answer is, I do a hash of the data file.  I get somebody somewhere to “sign” the hash. TYFNIL I can proffer the data file itself, and the “signed” hash of my data file, and anyone who will listen will trust that I was not making this up. The steps are: TYFNIL the skeptical party looks at my data file, they calculate for themselves the hash of that file, and they look at the “signed” hash that I proffer. If it all matches, then I must not be lying.

Let’s think through the things that have to be satisfied for this proof-of-possession to really work:

  • Preservation of records.  The party claiming past possession of the document needs to successfully preserve the document itself in error-free digital format, so that the hash can be computed again.
  • Absence of successful attack on the hash function.  Over the years some hash functions have been found to be mathematically weak. The particular hash function that the claimant used at the time of the timestamping needs to have turned out, at litigation time, not to have been successfully attacked as being mathematically weak.
  • Continued existence of the service provider.  The entity that provided the time stamp needs still to be in existence at litigation time, and needs to have diligently preserved necessary records such as private PKI keys.  

And, perhaps most importantly, for this digital timestamping to work, the service provider will be a trusted neutral party, a party having credibility in the intellectual property community.

You can read a pretty good Wikipedia article about this.

There are entities right now that offer digital timestamping services.  My favorite is FreeTSA.org, which provides free-of-charge digital timestamping services.  There are also for-profit entities offering such services, including Notarius and GlobalSign.

The alert reader will be getting ready to slap the buzzer with a question — what about blockchain?  

Yes, of course blockchain.

No matter what activity you are doing, yes of course there is no choice but to consider whether that particular activity can be improved by doing it with blockchain (shared ledger technology).  When Tom Sawyer was painting the fence and was hoping to lure others into helping to paint the fence, we now realize in 2019 that he would have been smart to tell people he was using blockchain paint, and more people would have joined in faster to help paint the fence.  Yes, we all get that.

And yes, you could devise a digital timestamping service employing blockchain as the durable records-preservation mechanism.  This would potentially eliminate the “continued existence of the service provider” requirement mentioned above.  And it would potentially eliminate the requirement of “credibility of the service provider” as mentioned above. But this in turn relies upon two more requirements that would have to be satisfied at litigation time:

  • at litigation time, the skeptical adversary would have to understand what blockchain means and how it works, and
  • at litigation time, the judge and jury would have to understand what blockchain means and how it works.

Yeah, right.

Right now in 2019, who actually uses digital timestamping services?  I think that right now in 2019, very few companies, very few inventors, very few entities in possession of trade secrets that need protecting, understand what digital timestamping services are, let alone make use of such services.   

What would it take for companies and inventors and entities in possession of trade secrets to start making use of digital timestamping services?  I suppose two things are needed.  First, the intellectual property community needs to get a clue about these things.  People need to learn things like how to calculate a hash of a data file.  They need to learn how to obtain the digital timestamp and to preserve that piece of information. They need to develop procedures for preserving data files intact so that TYFNIL the hash can be calculated again, getting the same answer.  People need to learn how this could make all the difference in the world in a real-life litigation.

You know about escape rooms (Wikipedia article), right?  It’s room where you are locked in, and you have to solve some puzzles or something, and then you can get out from the locked room.  Of course there is a buzzer you can smack and an attendant will let you out if you can’t solve the puzzles.  So you won’t starve to death in the room.

Anyway here is something I am quite sure about.  Suppose you were to go to Patentscope and pull out the names of 100 named patent practitioners from around the world at random.  And suppose you were to invite these people to join you in an experiment.  The experiment would be that one by one, each person gets locked in an escape room.  (Or maybe teams of two or three practitioners.)  The escape room has been designed so that the way that you escape is to accurately state the definition of a cryptographic hash function, and maybe accurately explain how digital timestamping works, and correctly explain how blockchain works. 

I am quite sure that if you were to try this experiment several times, on average only one out of each 100 patent practitioners would be able to get out of the escape room.  The other 99 would either starve to death or, one hopes, would figure out how to smack the buzzer to get out of the room.

I am quite serious about my suspicion that the vast majority of patent practitioners around the world do not at all understand digital timestamping and why and how their clients probably ought to be making use of it.

Which then gets us to one of the earlier points, which I think is a very interesting point.  Recall that for digital timestamping to work in litigation, what needs to happen is that the adversary in litigation, and the judge, and the jury, all trust the entity that did the timestamping.  Well, they all have to understand what digital timestamping means, and they have to trust the entity that did the timestamping.

If you click here, you can see that the World Intellectual Property Organization is considering developing and providing a digital timestamping service.  

It seems to me that if WIPO were to offer such a service, this would go a long way toward several good ends.  Yes of course WIPO is the paradigm of a trusted entity.  Yes of course WIPO is the very model of a neutral party.  Yes of course if a representative of WIPO were to appear before a judge and a jury to explain what a digital timestamp is, and why this particular digital timestamp really does prove that party P must have been in possession of document D on date T, there is no doubt that the judge and the jury would pay attention and would give great weight to the testimony.  More importantly, yes of course if a would-be adversary wonders whether or not to go to court to try to put into question whether party P is telling the truth about having been in possession of document D on date T, there is nothing quite like a digital timestamp from WIPO to prompt that would-be adversary to drop its real or imagined skepticism on that point.

As mentioned above one of the requirements for a particular digital timestamp to accomplish its purpose is that the entity that carried out the time stamping needs to still be around at litigation time.  I am prepared to stick my neck out and say that I guess WIPO will probably still be around ten years from now.

But the real point is to get the escape-room number up from 1% to some higher percentage.  What needs to happen is that the intellectual property community must somehow get dragged, kicking and screaming, into the present decade so far as understanding of these things is concerned.  The fact that various entities (as discussed above) are already offering digital timestamping services has not, by itself, given rise to a meaningful clue level in the IP community.

Were WIPO to follow through on its proposal to provide a digital timestamping service, this would be a front-and-center thing.  The presence of information about the service on a page of the WIPO web site would lead to situations where practitioners would, by accident, click on the page, and some fraction of those who accidentally landed on the page would educate themselves about it.  

Intellectual property professional associations around the world have, until now, done almost nothing to educate their members about digital timestamping and its importance for things such as protection of trade secrets.  Were WIPO to launch a digital timestamping service, it would prompt the professional associations to do more to educate their practitioner members about this.

One Reply to “Digital Timestamping Service”

  1. I sincerely want to thank you for this enlightening article, sharing your experiences, and confirming some of my guesses on what is still missing in the IP protection strategy of most firms and in the offer of most IP service suppliers

Leave a Reply

Your email address will not be published. Required fields are marked *