
Tag: monopoly

EFF’s Stupid Patent of the month: Dispatch a taxi (on a...

Computer-aided taxi dispatch came years before the patent.

But will that matter?

Lawsuit: Mylan’s epic EpiPen price hike wasn’t about greed—it’s worse

With higher prices, Mylan allegedly dangled deep discounts—if buyers excluded rival.

How talking about song lyrics got patented

Applicant can "game the system" by adding obvious features no one wrote down.

Feds sue Qualcomm for anti-competitive patent licensing

The US Federal Trade Commission has charged Qualcomm with violating the FTC Act. The feds say that Qualcomm's patent-licensing policies amount to unfair competition.

The FTC's redacted complaint (PDF), filed today, says that Qualcomm maintains a "no license, no chips" policy that forces cell phone makers to pay high royalties to Qualcomm. Qualcomm is a major supplier of baseband processors, and it also licenses patents that it says are essential to widely adopted cellular standards. According to the FTC complaint, Qualcomm won't sell baseband processors unless a customer takes a license to Qualcomm's standard-essential patents, on Qualcomm's terms. And Qualcomm has refused to license its standard-essential patents to competitors, which the FTC says violates Qualcomm's commitment to license on a "fair, reasonable and non-discriminatory," or FRAND, basis. Agreeing to FRAND licensing terms is required by the standard-setting organizations to which Qualcomm belongs. According to the FTC, Qualcomm has also made exclusive deals with Apple that exclude competitors and harm competition.

"By using its monopoly power to obtain elevated royalties that apply to baseband processors supplied by its competitors, Qualcomm in effect collects a 'tax' on cell phone manufacturers when they use non-Qualcomm processors," write FTC lawyers. "This tax weakens Qualcomm's competitors, including by reducing demand for their processors, and serves to maintain Qualcomm's monopoly in baseband processor markets."

The complaint, filed in federal court in San Jose, also says that when Apple "sought relief from Qualcomm's excessive royalty burden," Qualcomm laid out a condition: that Apple would exclusively use Qualcomm baseband processors in its products from 2011 to 2016. That denied anyone else who made baseband processors the chance to work with Apple, "a particularly important cell phone manufacturer."
The FTC wants a court order that would force Qualcomm to stop what it views as anti-competitive conduct. The Commission voted 2-1 to file the complaint, with Commissioner Maureen K. Ohlhausen taking the unusual step of issuing a written statement (PDF) along with her dissent. In her view, the FTC has filed a "flawed" complaint that "lacks economic and evidentiary support, that was brought on the eve of a new presidential administration, and that, by its mere issuance, will undermine US intellectual property rights in Asia and worldwide."

"The complaint fails to allege that Qualcomm charges more than a reasonable royalty," writes Commissioner Ohlhausen. "That pleading failure is no accident; it speaks to the dearth of evidence in this case."

The complaint comes just as FTC chairwoman Edith Ramirez has said she will step down in February. President-elect Donald Trump will have three vacancies to fill on the Commission. Under a Republican president, the FTC is expected to include two Democrats and three Republicans, since no more than three commissioners can be from any single party.

Qualcomm responded in a statement. It said that it has neither withheld nor threatened to withhold its chips in order to get "unfair or unreasonable licensing terms." The FTC's allegation to the contrary is wrong, according to Qualcomm, and its case is "significantly flawed."

"This is an extremely disappointing decision to rush to file a complaint on the eve of Chairwoman Ramirez’s departure and the transition to a new Administration, which reflects a sharp break from FTC practice," said Qualcomm General Counsel Don Rosenberg. "We look forward to defending our business in federal court, where we are confident we will prevail on the merits."

South Korea slaps Qualcomm with record-setting $850M fine

Qualcomm displays some of its patents on a wall in its headquarters in San Diego, California. (Nathan Rupert / flickr)

South Korean regulators say that Qualcomm's patent-licensing methods violate Korean unfair competition laws, and the company must pay a fine of 1.03 trillion won, or about $850 million (£695 million). Qualcomm has said it will fight the massive fine in court. The Korea Fair Trade Commission, or KFTC, held that Qualcomm refused to license certain standard-essential patents to rival chipmakers, including Intel, Samsung, and MediaTek.

The commission ordered Qualcomm to renegotiate those licenses in good faith, according to a Reuters report on the matter.

The fine is the largest ever issued in Korea. In its report on the Korean fine, Bloomberg notes that Qualcomm makes most of its profits, about $6.5 billion in its most recent year, from selling the rights to its chip technology. Qualcomm "has violated its agreement to license patents on fair, reasonable, and non-discriminatory terms, known as FRAND," the Commission said in a statement. In response, Qualcomm issued a statement calling the fine "an unprecedented and insupportable decision, relating to licensing practices that have been in existence in Korea and worldwide for decades." Qualcomm also said the KFTC has shown no evidence of any harm to competition, which it claims is "robust among chip and handset suppliers" because Qualcomm's model promotes competition.

Qualcomm further argued that the fine undermines incentives to invest. "Importantly, this decision does not take issue with the value of Qualcomm’s patent portfolio," said Qualcomm general counsel Don Rosenberg. "Qualcomm’s enormous R&D investments in fundamental mobile technologies and its broad-based licensing of those technologies to mobile phone suppliers and others have facilitated the explosive growth of the mobile communications industry in Korea and worldwide." The KFTC directive won't become official until it issues a written decision and order, which typically takes about four to six months. Qualcomm has said it will appeal immediately at that time.

The company will still have to pay the fine within 60 days after the written order comes out, although it will be subject to adjustment or refund based on the appeal. In a separate case brought by the Korea Fair Trade Commission in 2009, Qualcomm was hit with a $209 million fine, which was the largest in Korea's history at that time.

That fine is on appeal at the Korean Supreme Court, according to Bloomberg. Last year, Qualcomm was fined $975 million by Chinese anti-monopoly regulators.

The company did not challenge that decision, which also set rates and conditions for Qualcomm's licensing in China.

Smartphone patent wars redux: Nokia sues Apple, big time

Nokia and Alcatel-Lucent have launched a major legal attack on Apple, filing lawsuits in Germany and the US that accuse Apple of infringing 32 patents. According to Nokia's statement, the patents cover technologies that include display, user interface, software, antenna, chipsets, and video coding.

The US lawsuit includes 10 patents and was filed in federal court in East Texas, a venue that's long been favored by patent owners. Most of the patents originated at Nokia, but at least one originated at Lucent Technologies. Nokia agreed to buy Alcatel-Lucent in 2015 and completed the deal last year. The new lawsuit (PDF) appears to be a major revival of the patent battles Apple and Nokia fought between 2009 and 2011.

Back then, the two companies were also engaged in litigation that spanned the globe.

All that was put to rest with a settlement in 2011, which analysts estimated at the time may have been worth hundreds of millions of euros to Nokia.

Despite those payments, Nokia said in a statement today that Apple refused to license "other of its patented inventions which are used by many of Apple's products." Of course, that might be because Nokia didn't offer them as part of the 2011 settlement package.
Some Nokia patents were distributed to so-called "patent trolls," also called patent assertion entities, or PAEs.

Those PAEs include Acacia Research Corp., a branch of which won a $22.1 million verdict against Apple in June. "Nokia has created or contributed to many of the fundamental technologies used in today's mobile devices, including Apple products," said Nokia patent chief Ilkka Rahnasto in a statement. "After several years of negotiations trying to reach agreement to cover Apple's use of these patents, we are now taking action to defend our rights."

The Nokia lawsuit accuses every version of iPhone, from the iPhone 7 all the way back to the iPhone 3GS, of infringing Nokia patents.

Also accused are iPad Pro and every version of iPad Air and iPad Mini, as well as the Apple Watch, Apple TV, and services like Find My iPhone and Find My iPad. As one example, Nokia says that US Patent No. 6,701,294, which it acquired from Alcatel-Lucent, is infringed by Apple's Siri feature in iOS 10. "Apple's Siri acts as an intelligent personal assistant in conjunction with the user interface... of Apple mobile devices," the complaint states.

The Siri-using products have a "translator unit," an "evaluator unit" and an "interrogator unit for querying said one or more prescribed databases," and a "supplier unit" to give information to the user.
In Nokia's view, the Apple "supplier unit" consists of "the Siri program, including the Apple device, wireless connections, and backend servers." Nokia's business has gone through dramatic ups and downs since its earlier dispute with Apple. Nokia sold its phone business to Microsoft in 2014.

But Microsoft struggled and ultimately exited the smartphone sector anyway earlier this year, taking a final write-down on the $7.1 billion Nokia purchase and laying off up to 1,850 workers. Earlier this month, Nokia announced plans to get back into the smartphone business with Android-powered phones that will be on the market next year. Just yesterday, Apple filed an antitrust lawsuit (PDF) against Nokia in federal court in San Jose.
In it, Apple accused the Finnish company of transferring "massive numbers of patents" to patent assertion companies like Acacia. Nokia reached a deal with "each of its PAE co-conspirators" to separately enforce a diffused patent portfolio, "to maximize the aggregate royalties that can be extracted from product companies," Apple lawyers allege. "Nokia and those PAEs have thereby increased market power and created or enhanced monopoly power associated with those patents." Apple claims that Nokia's strategy of working with PAEs to stack up big royalty payments is a violation of US antitrust laws, as well as a breach of contract.

The breach of contract claim says that Nokia violated its commitments to license certain standard-essential patents on a FRAND (fair, reasonable, and non-discriminatory) basis.

Trump’s latest FCC advisor opposes Title II, supports data cap exemptions

President-elect Donald Trump yesterday announced a third advisor to oversee the Federal Communications Commission's transition from Democratic to Republican control. Roslyn Layton, Trump's new addition, joins Jeffrey Eisenach and Mark Jamison on the FCC transition team.

All three are outspoken opponents of the FCC's Title II net neutrality rules and are affiliated with the conservative American Enterprise Institute (AEI). Current FCC Chairman Tom Wheeler's signature move was the reclassification of ISPs as common carriers under Title II of the Communications Act and imposition of net neutrality rules.

The move was supported by Democrats and consumer advocates who say ISPs shouldn't be able to favor or disfavor online content by blocking, throttling, or charging for prioritization. Wheeler's Title II net neutrality rules survived a court challenge from ISPs but could be eliminated under Trump either with Congressional legislation or FCC action. Layton argued on the AEI blog that government regulations aren't necessary to protect net neutrality. "Regulation proponents argue that without such rules your Internet provider would speed up or slow down websites," she wrote. "There have never been rules against this, but Internet providers don’t do it anyway. Simply put, the business opportunity to deliver an open Internet is far greater. Failing that, antitrust laws deter discriminatory behavior, already ensuring net neutrality."

Layton opposed proposed rules intended to provide alternatives to set-top boxes that must be rented from cable TV companies, and she opposed customer privacy rules for Internet providers.
She also supports ISPs' right to accept money in exchange for exempting some services from data caps. "Free data programs from mobile service providers have the potential to disrupt the traditional online advertising space as the programs offer businesses and entrepreneurs a third way, a path that doesn’t involve Google or Facebook, to reach consumers," Layton wrote. "A free data program could shift ad dollars away from those incumbents and create competition in the online advertising space by providing an alternative for entrepreneurs and advertisers to reach mobile subscribers." The Wheeler-led FCC has allowed data cap exemptions to proliferate despite objections from Democratic senators, but recently criticized AT&T for exempting its own DirecTV video from mobile data caps while charging other companies for the same "zero-rating" privilege. Opponents of zero-rating say the practice helps ISPs favor their own content at the expense of competitors, and lets big-pocketed companies pay for advantages that many startups can't afford. In addition to being a visiting fellow at AEI, Layton does telecom research at Aalborg University in Denmark.

The Trump transition team position is a part-time volunteer role with no compensation, she told Ars today. We asked Layton for an interview about her plans for the FCC, but she said she is not yet authorized to speak publicly about the transition. "I am not a member of any political party," Layton says on her website. "I don’t own stock in any Internet or telecom company.  My compensation comes partly from a program in the Danish government and partly from Strand Consult." Trump's previously announced FCC advisors have ties to the telecom industry. Eisenach formerly worked on behalf of Verizon and other telecoms as a consultant, and Jamison used to manage regulatory policy at Sprint.

Both opposed many of Wheeler's major initiatives, and Jamison wants to eliminate most of the FCC. Consumer advocacy group Free Press argued last week that Trump's FCC advisors have "habitually opposed the communications rights of real people, prioritizing instead the monopoly-minded views of companies like AT&T, Comcast and Verizon."

Trump hires two net neutrality opponents to oversee FCC transition

President-elect Donald Trump has appointed two outspoken opponents of net neutrality rules to oversee the Federal Communications Commission's transition from Democratic to Republican control. The appointees announced yesterday are Jeffrey Eisenach and Mark Jamison. Eisenach is director of the Center for Internet, Communications, and Technology Policy at the American Enterprise Institute (AEI), while Jamison is a visiting fellow at the same institution.

Eisenach previously worked on behalf of Verizon and other telecoms as a consultant, and Jamison used to manage regulatory policy at Sprint. Eisenach and Jamison aren't necessarily candidates for FCC chairman, but they will help set the commission's direction and could help Trump choose FCC leadership.

Their views on net neutrality match those of Trump, who opposed the net neutrality rules passed under current Chairman Tom Wheeler.

Those rules prohibit ISPs from blocking or throttling lawful Internet traffic or giving priority to Web services in exchange for payment. Jamison recently described net neutrality rules as "economics-free regulations for the Internet," saying that such rules should only be adopted "if there is actual evidence of monopoly." "Net neutrality in the US is backfiring," Jamison wrote. "There are two basic reasons for the failure. One is that net neutrality policy has lost its focus and is now a growing miscellany of ex ante regulations that frequently work against the entrepreneurs and consumers the rules are intended to help. The second reason is that the net neutrality mindset is locked into a fading paradigm in which networks are distinct from computing and content. Facebook, Netflix, and Google are investing in customized networks and, in doing so, demonstrating that next-generation breakthroughs will leap beyond the old mindset."

Jamison also opposed Wheeler's proposal to free consumers from renting set-top boxes by requiring cable companies to make video applications for third-party devices. Eisenach testified against net neutrality rules in a Senate Judiciary Committee hearing in September 2014, before the FCC passed its regulations. "Net neutrality regulation cannot be justified on grounds of enhancing consumer welfare or protecting the public interest," Eisenach said. "Rather, it is best understood as an effort by one set of private interests to enrich itself by using the power of the state to obtain free services from another—a classic example of what economists term 'rent seeking.'" Concerns about ISPs using market power to harm competitors or consumers are best addressed through existing antitrust and consumer protection laws, he argued.

Eisenach made FCC submissions on behalf of Verizon as recently as 2013 but said this month that he's no longer working for Verizon. "[T]he facts are: [I'm] Not a lobbyist; not consulting for Verizon; no consulting business before the FCC at all," Eisenach tweeted. In addition to their AEI roles, Eisenach is a managing director at NERA Economic Consulting while Jamison is a professor and director of the Public Utility Research Center at the University of Florida.

While Jamison wasn't previously linked to the Trump transition, Eisenach's appointment is no surprise, as he was advising Trump during the presidential election. Trump vowed during his campaign to oppose AT&T's purchase of Time Warner, the owner of CNN and HBO, but his appointments of Eisenach and Jamison may be good news for AT&T.

A Recode article notes that both Eisenach and Jamison supported AT&T's attempted purchase of T-Mobile USA in 2011, even though the FCC's Democratic leadership blocked the deal.

Podcasting patent troll fights EFF on appeal, hoping to save itself

The owner of a patent on podcasting is hoping to snatch victory from the jaws of defeat. Personal Audio and its owner, Jim Logan, lost their patent last year after lawyers from the Electronic Frontier Foundation showed the US Patent and Trademark Office that various types of Internet broadcasts pre-date the patent, which claims a 1996 priority date. The podcasting patent became famous and received national media attention after it was used to sue several high-profile podcasters, including Adam Carolla, who raised $500,000 and fought back for a time before reaching a settlement in 2014. Personal Audio had also sued several big TV networks, and its case against CBS went to a jury in September 2014.

The jury found the patent valid and awarded Personal Audio $1.3 million, a victory that Personal Audio's lawyers have noted in their appeal arguments. The controversy is now in the hands of the US Court of Appeals for the Federal Circuit, the court that handles all patent appeals.

A three-judge panel heard arguments over the matter earlier this month.

Just like CNN?

In its appeal brief (PDF) and at oral arguments, Personal Audio lawyer Jeremy Pitcock argues that his client’s patent, US Patent No. 8,112,504, is a significant improvement on two pieces of “prior art” that EFF successfully used to invalidate it at the US Patent and Trademark Office. Those earlier systems include one used by CNN, which described its system for a “digital news magazine” in 1995.

The other system comes from a 1996 article explaining an early Internet radio experiment by the Canadian Broadcasting Corporation (CBC), which broadcast online as early as 1993. In a proceeding called an “inter partes review,” a board of judges at the Patent Trial and Appeal Board ruled in EFF’s favor, finding that Personal Audio didn’t create anything that hadn’t already been done by the CBC and CNN. On appeal, Pitcock writes that the earlier technology for downloading content from the Web was “deficient” because it disseminated “individual program selections one at a time.” The ‘504 patent describes putting out “a series of episodes… as said episodes become available” and organizing them all in one “compilation file.” The CNN system created a new webpage at a new URL each day, which Pitcock argues is an important difference.

The CNN prior art “does not disclose making multiple programs available at a given URL or creating an updated version of an HTML file” that shows both new and old episodes. In Pitcock’s view, Jim Logan's patent claim “teaches” that a “series of episodes” refers to “multiple, sequentially-ordered, and distinct programs issuing at different times.” Displaying media on one webpage, as opposed to multiple webpages, might seem like a small difference.

But in the patent-speak employed by Personal Audio and its lawyers, those shifts in presentation are “teachings” that justify getting a new patent and the 20-year monopoly it entails. Pitcock didn’t respond to requests for comment for this story.

An EFF lawyer declined to add to earlier comments about the case, saying it’s in the hands of the Federal Circuit.

An appealing pivot

At oral argument, Personal Audio lawyer Jeremy Pitcock described his client’s “new apparatus” to the judges.
It created a “compilation file” with both old and new episodes in it.

That made it unlike the CNN system. “Every day, a bunch of segments from that day’s newscast are made available at a single link,” said Pitcock, using inventors’ names to refer to the CBC and CNN prior art. “That information is never updated, is never changed.

The next day, a different series of little segments is made available.
It’s undisputed that’s how Compton/CNN and Patrick/CBC work.” EFF lawyer Nick Brown countered that the Patent Trial and Appeal Board got it exactly right when it threw out the podcasting patent. “What we have here is a pivot,” Brown told the panel when his turn came. “It’s an attempt to recast this argument that they lost below… and to turn it into an argument about a ‘series of episodes.’ The argument about a ‘series of episodes’ is about when the compilation file is updated. That’s exactly what CNN does.

There’s no requirement that the same story [be updated].” The matter is now in the hands of the panel.
If EFF wins, the podcasting patent won’t have anywhere else to go. In addition to the podcasting patent, Personal Audio also claims to own other basic audio technology. Personal Audio sued Apple over the iPod’s function to create playlists.

After a 2011 trial, a jury awarded the patent-holding company $8 million.

Russia fines Google $6.75 million for Android antitrust violations

Google has been fined more than £5 million (438 million rubles, $6.8 million) and told to slacken limits it places on device makers by Russian authorities who found that the search and ad giant had breached competition rules with its Android mobile operating system.

On Thursday, the country's Federal Antimonopoly Service (FAS) said that Google forced mobile phone manufacturers to include Google search on the home screen of all Android devices and to bundle other services with Google Play, while preventing manufacturers from pre-installing competing services. The case was opened in February 2014, when one of those rivals, Yandex, filed an official complaint against Google. Last year, the authorities decided that it had broken Russian competition law.

The ruling was upheld again in March, when Google lost an appeal. FAS said in a statement that Russian law applies to all companies operating in the country. The fine, at almost £5.25 million, is small change compared to the Internet behemoth’s $74.5 billion global annual turnover; Russian authorities may only fine up to 15 percent of domestic earnings.

“We have received notice of the fine from FAS and will analyse it closely before deciding our next steps. In the meantime, we continue to talk to all invested parties to help consumers, device manufacturers and developers thrive on Android in Russia,” said Google's press office.

Google faces similar antitrust charges in the European Union, where potential penalties are more severe. In April, competition commissioner Margrethe Vestager sent a Statement of Objections to the company saying Google had abused its dominant position by imposing restrictions on Android device makers, and ordering it to clean up its act or face a fine of up to 10 percent of its annual turnover. While Russia's fine against Google is tiny, an order from the FAS demanding that the ad giant change the restrictions it places on device makers in the country could prove to be more damaging.

Google is appealing against the order, with a hearing scheduled for August 16. This story was updated after publication with comment from Google. This post originated on Ars Technica UK

States win the right to limit municipal broadband, beating FCC in...

The Federal Communications Commission has lost an attempt to preempt state laws that restrict the growth of municipal broadband networks. The FCC in February 2015 voted to block laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories.

The FCC, led by Chairman Tom Wheeler, claimed it could preempt the laws because Congress authorizes the commission to promote telecom competition by removing barriers to investment. But this was a risky legal argument, as the FCC has no specific authority to overturn state laws. Officials in both states appealed the FCC decision, and today a three-judge panel of the US Court of Appeals for the Sixth Circuit ruled in favor of the states (full text). "The FCC order essentially serves to re-allocate decision-making power between the states and their municipalities," judges wrote. "This is shown by the fact that no federal statute or FCC regulation requires the municipalities to expand or otherwise to act in contravention of the preempted state statutory provisions.

This preemption by the FCC of the allocation of power between a state and its subdivisions requires at least a clear statement in the authorizing federal legislation.

The FCC relies upon Section 706 of the Telecommunications Act of 1996 for the authority to preempt in this case, but that statute falls far short of such a clear statement.

The preemption order must accordingly be reversed." The decision was essentially unanimous, with judges John Rogers, Joseph Hood, and Helene White all voting to reverse the FCC's order. White concurred in part and dissented in part, writing a separate opinion to address a few issues not covered in the majority opinion. The loss is a big one for Wheeler.

The FCC voted through his net neutrality rules and the muni broadband decision on the same day; he called it “the proudest day of my public policy life.” The FCC's net neutrality decision was upheld by a federal appeals court, but a win on the state law preemption would have allowed Wheeler to make a bigger impact on boosting broadband competition in the United States. About 20 states have laws restricting the rights of cities and towns to compete against private Internet service providers. Municipal ISPs in Tennessee and North Carolina wanted to expand outside their territories but were blocked from doing so by state laws, and thus asked the FCC to preempt the statutes.
If the FCC had won, cities and towns in other states could have followed suit and asked the FCC to overturn restrictive laws throughout the nation.

FCC will review legal and policy options

The FCC could ask for an en banc review in front of all the Sixth Circuit judges, or appeal to the Supreme Court. "The FCC’s mandate is to make sure that Americans have access to the best possible broadband," Wheeler said in a statement today. "We will consider all our legal and policy options to remove barriers to broadband deployment wherever they exist so that all Americans can have access to 21st Century communications." Wheeler further said that the judges' ruling "appears to halt the promise of jobs, investment and opportunity that community broadband has provided in Tennessee and North Carolina." Communities that want better broadband, he said, "should not be thwarted by the political power of those who, by protecting their monopoly, have failed to deliver acceptable service at an acceptable price."

The FCC had claimed that its preemption authority "falls within the 'measures to promote competition in the local telecommunications market' and 'other regulating methods' of section 706(a) that Congress directed the Commission to use to remove barriers to infrastructure investment." The FCC argued that Congress doesn't need to "explicitly delegate" the authority to preempt state laws, but failed to persuade judges. Tennessee argued that the FCC order violated the Constitution by "infringing on the state’s right to determine the boundaries of its political subdivisions," judges noted.

Tennessee and North Carolina further argued "that even if Congress has the power to authorize such orders, it has failed to provide the necessary clear statement as required by Nixon," referring to Nixon vs. Missouri Municipal League, a Supreme Court case from 2004. "The latter argument is persuasive, at least where—as here—the FCC order purports only to restrict the states’ power to make decisions for municipalities that the FCC does not otherwise forbid," judges wrote.

Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

With so many elements in information security -- application, network infrastructure, the endpoint, perimeter defenses, and data-centric approaches -- it's easy to fall into the trap of touting one as more important than the others. But it's a mistake to consider information security as a series of silos when it's actually an intersection of different areas. That overlap is most evident with application and endpoint security.

For Jeremiah Grossman, the new chief security strategist at security vendor SentinelOne, application security and endpoint security are just different steps in the kill chain. As the founder and former CTO of the consultancy WhiteHat Security, Grossman has been the go-to expert for web application security for years, and his new focus on endpoint security at SentinelOne does not mean that he has given up on securing web applications.

"From an adversary kill-chain perspective, if we can get the bad guys not to be able to break into the website, great, let's do that. But if we can't, let's make sure that if the system gets compromised and malware is on it, we can detect it really, really quickly and stop it, or eradicate it," Grossman said.

Many of the latest data breaches began with the adversaries exploiting a vulnerability in a web application, and then pivoting in the network to find other vulnerabilities and weaknesses. The web application is the doorway, but the actual attack happens on the endpoint, whether that's valuable data stored in a database or, in the case of ransomware, documents that could be locked up to demand ransom. Web application security and endpoint security are intricately tied up together, he said.

Back in 2001, when Grossman first started working on web application security, cross-site scripting flaws and SQL-injection errors were rampant, with pretty much every website affected. Fast-forward to 2016, and such attacks are incredibly rare among major sites.
Cross-site scripting and SQL injection still exist on many websites, but they are no longer as widespread.

App security still matters, but the SDLC has to be done judiciously

Information security professionals frequently talk about inserting security throughout the SDLC (software development lifecycle): developers adopt secure coding principles and perform regular testing to catch and fix bugs before the application goes to production. A secure SDLC is a good thing, and more organizations need to adopt the secure development mindset. But it isn't practical to demand that all existing applications be rewritten under it. Legacy software, which powers the majority of the web and is installed on billions of endpoints around the world, has vulnerabilities. Fixing those flaws is part of what Grossman calls "legacy janitorial work." No company can shoulder the cost of rewriting all of its applications and starting over with a secure coding mindset. And then there are all the open source projects for which there's often no one to shoulder any such legacy janitorial work.

Microsoft is frequently touted as the poster child for how the SDLC makes a difference, but that's an interesting -- and possibly unrepeatable -- case, Grossman said. The Microsoft that decided to start over and make its applications more secure was a monopoly: it dominated the industry, had strong market share, and had "multiple billions" in the bank to spend on the effort, he noted. That's not the case for most companies faced with the prospect of revamping their software portfolio. And today, a decade after Microsoft made that commitment, even Microsoft likely couldn't make it again.

"No one's going to disagree that the later versions of Windows, from Windows 7 to now, are solid. Microsoft did really good work. But what was the ROI for Microsoft in that?" Grossman said.
Instead of trying to revamp all the software, the effort should be two-pronged: 1) improve the process for remediating vulnerabilities as they are found, and 2) run new code, or actively maintained code, through the SDLC. That doesn't mean just incorporating SDLC elements, but also measuring the effectiveness of the new practices.

"After you do a whole bunch of SDLC stuff, does the software actually come out more secure? If so, by how much? And is it worth it?" Grossman said.

Security investments aren't going where they're most needed

The industry has made progress finding vulnerabilities, but the immensity of the web -- a billion-plus websites strong -- means the cleanup effort is going to take a lot of time and resources. That means there will be more compromises, attacks, and infections in the meantime. While the industry focuses its efforts on fixing vulnerabilities and writing new code, there has to be a parallel effort to improve endpoint security to stop the adversaries.

"You could compromise a company just by sending an email. That's a pretty attractive route" for criminals, Grossman said.

"The spending models are all backward," Grossman said. Enterprises spend most of their IT budgets on software, followed by endpoints, and very little on networks, whereas the lion's share of the IT security budget goes to perimeter defenses such as firewalls and to endpoint security, and very little is spent on software.

Ransomware must be tackled now, before it's too late

Organizations need to look at what the adversaries are doing and allocate efforts and funding accordingly. And right now, the adversaries are looking at ransomware. The FBI has estimated that payments of $23 million to $25 million were made to ransomware gangs in 2015, but that figure ballooned to more than $200 million in the first quarter of 2016 alone.
That's a staggering growth rate, especially since the latest research indicates ransomware still accounts for less than 5 percent of overall malware attacks. While ransomware itself might not account for a big portion of the overall malware scourge, it is a serious problem, and creative minds need to start thinking of new methods and techniques to detect and foil these infections.

"While we're still going to have the big malware problem overall, we're going to have another one in the form of ransomware," Grossman predicted. Worse, it's not as if the general malware problem has been solved: despite the $8 billion to $12 billion spent annually fighting malware, malware is rampant, he said.

Still, the latest anti-ransomware efforts, such as what Grossman will work on in his new role at Sentinel One, are an opportunity for information security professionals to get ahead of a problem before it becomes entrenched. There's no need to wait for ransomware to become a bigger problem before coming up with new solutions.

"We always seem to be ambulance chasers. But ransomware, we can see it coming. It's right there," Grossman said. Grossman believes ransomware will be a billion-dollar market by 2018, and at that point it will be too late to do something about it. "We can fight an uphill battle, but for those who want to get ahead of it, we can do it now," Grossman said.

The web is too valuable not to actively protect

Many in the security industry, whether they came into the field by design or by accident, view the work as a calling. The web is the "greatest invention we'll see in our lifetime," said Grossman, who called it his mission to protect it and the billions of people using it every day. Whether that means endpoint security or fixing vulnerabilities in web applications, the end result is the same. "I want to be able to protect people, protect websites, protect the web. It's that important. We're all using it today," he said.