See "Researchers link QWERTY keylogger code to NSA and Five Eye's Regin espionage malware"

Summary: The European Patent Office (EPO) finds itself at the centre of attention (unwanted attention) because of rogue activities

A FEW hours ago we wrote about the EPO's use of keyloggers, a practice so controversial (to say the least) that one can end up locked up in a cell for using it. Süddeutsche Zeitung, which wrote about the EPO before, is really putting some big pressure on the EPO right now (perhaps someone will resign soon). The German article has just been published by IP Kat in English. For our record we present it below:

The European Patent Office carried out secret surveillance on employees using keyloggers

€·         At the headquarters of the European Patent Office (EPO) two publicly accessible computers were fitted with cameras and surveillance technology during a period of several weeks.

€·         They were used in an internal procedure which involves a patent judge who is accused of having disseminated defamatory communications about the President of the EPO and other managers over a period of months.

€·         However, the action also affected many employees of the EPO, perhaps even members of the Administrative Council.

by Katja Riedel

The President of the European Patent Office (EPO) is set to travel to Brussels next week. There he will be received by the Legal Affairs Committee for "an exchange of views" according to the agenda. Benoît Battistelli is supposed to speak about the latest developments in patent law, the new patent courts and various other reforms.

There should be no lack of subjects for discussion in view of the ongoing state of crisis between Battistelli and many of the approximately 7,000 employees in Munich, Berlin, Vienna and The Hague. Since Battistelli initiated an extensive reform programme, which amongst other things has completely restructured the EPO’s career system, there have been vehement confrontations. Now a new and awkward subject has been added to the list: allegations of covert surveillance.

According to an internal document which the SZ has seen publicly accessible computers were placed under surveillance at the EPO towards the end of last year: by means of cameras and so-called keyloggers. This allows the recording of what the user types, which pages he accesses and how he communicates.

None of the users were aware that the devices had been installed

Some keyloggers are capable of taking snapshots of the screen. The camera records contemporaneously which person was operating the computer at the time in question. A particularly juicy detail here is that none of the users were aware that the devices had been installed - and the two computers which were equipped with these monitoring devices according to the confidential document of the internal investigation unit, were probably located on the first floor of the EPO headquarters at Erhardtstraße in Munich.

Namely, in a publicly accessible area, which was provided especially for the members of the Administrative Council - the highest authority in the European patent world - on which the representatives of the 38 member states sit. The visitors to the Patent Office who typically sojourn on the first floor also include patent attorneys. On Monday [8 June 2015] the EPO declined to comment on the internal document but did not contest its authenticity.

In the document drawn up by the Head of the EPO’s investigative unit and sent to the Data Protection Officer, the reason given for the surveillance measures was a defamation campaign against the President and other managers of the Office.

In fact, since the beginning of 2013, letters accusing Benoît Battistelli, and also his Croatian Vice President Zeljko Topic, of numerous misdeeds have been circulating. There were strong indications that these letters had been sent from the two computers in question to which not only every registered visitor but also every employee of the EPO could log in via a common password. Therefore, according to the internal communication, it was not possible to identify and monitor an individual user.

Covert surveillance of the terminals in question

Apparently the internal investigators had come across IP addresses that they could assign to both of the public computers. For this reason, according to their conclusion, there was no other option but to place the two machines in question under covert surveillance. If during the agreed six-week time window between 7th November and 18th December no further defamatory material was sent, neither the pictures nor the data would be analysed, it was stated. Until then, the information that was monitored would only be available to the members of the internal investigation unit and the IT technicians.

The matter is also particularly sensitive because during the period in which the surveillance was being carried out the 142th Meeting of the Administrative Council also took place in the building, namely on 10. and 11. December 2014.  In addition, the Budget and Finance Committee also met during the period in question.

The computers are apparently located near the room where the Council meets. Whether this body and the Office Administration, i.e. Battistelli, was involved in the procedure is unclear. This is not apparent from the document. This only includes handwritten notes of two of the signatories but the signatures are missing.

Even insiders expressed reservations

In fact not only was material sent, but also a suspected letter-writer was caught - hence the data were also analysed. A member of the Boards of Appeal of the Office, a patent judge, was apparently caught in the act and Battistelli immediately subjected him to a “house ban”. This was equal to a suspension and consequently a legally impermissible interference with the independence of that department [i.e. the Boards of Appeal], which was retroactively rubber-stamped by the Administrative Council.

However, the tide of indignation ran high. Off the record even insiders expressed their reservations about Battistelli’s actions. Politicians from individual member states and patent attorneys expressed their outrage in public and even spoke of violations of fundamental rights.

The EPO declined to comment on the sensitive document citing a pending procedure as its reason. The Administrative Council is due to decide on possible disciplinary action at one of its forthcoming meetings.

Merpel added: "This flagrant invasion of privacy comes in the wake of evidence that Mr. Battistelli has engaged a firm specialising in counter-surveillance and threat monitoring. Not because of any imminent terror threat, mind you: all this came about originally because it was suspected that an employee was circulating material alleged to be defamatory. One cannot help thinking in terms of the old cliche about using a sledgehammer to crack a mouse."

"Merpel, who has grown rather tired of appealing to the Administrative Council members to hold the EPO management to the same governance standards as would be required in their own national Patent Offices and civil services, wonders if this latest news will convince some of those on the fence that a more robust approach is required when they next attend an AC meeting at the EPO."

Our own remarks on it can be found in our prior article about it. ⬆

Update (15/6/2015): There are now more translations, including in additional languages, namely French and Dutch [PDF].