Revelations from insiders

Summary: The confidentiality principle was compromised at the EPO and stakeholders weren't told about it (there was a coverup)

A recent software issue concerning the EPO’s on-line filing services has affected at least 100 cases. On the EPO website it was described as “unexpected behaviour of the Online Filing software”. Internally it was called a “leakage”. While the incident may have affected the privacy of patent attorneys, law firms and applicants, the EPO users were not informed about these risks. Users were simply advised to install a software update as soon as possible.

The public announcements:

On 26 April 2019 users of the EPO’s on-line services were informed about a software issue:

Problems with Online Filing

We are experiencing unexpected behaviour of the Online Filing software. In order to avoid any impact on user operations and data, users are asked to check carefully the acknowledgment of receipt and inform the EPO Customer Services immediately in case of any irregularities. A software patch fixing the issue (epptch5464) has been prepared and is available for download.

We apologise for any inconvenience.

A new on-line filing software was made available later on the same day, together with the following message:

Online Filing software – new update now available

26 April 2019 update

The EPO is pleased to inform users of its Online Filing software that a replacement EP update 5.0.11.174 for Version 5.11 (build 5.0.11.173 or lower) is now available for download. This update replaces, but does not require deinstallation, of the previous updates issued on 1 April 2019 and 15 April 2019 and also resolves issues announced on 26 April 2019.

Users are advised to install this update as soon as possible.

Users who have activated the Live Update function will be notified automatically.

We apologise for any inconvenience.

The internal communication:

The following message was sent to a number of EPO managers and staff at the end of April 2019:

Support: The update of on-line filing (OLF) released on 01.04.2019 caused documents that were not attached by the user to the submissions to be nonetheless included with the submission and loaded into the TOC as INCANNEX. The package has since been withdrawn (Online Services) but it cannot be excluded that users having installed it have continued using it thereafter. D132 [Patent Procedures Management] has informed FOs [Formalities Officers] about the issue, and coordinated with OCFDs [Opposition and Central Formalities Directorates] for dealing with the 100 cases already affected by the leakage; the cases have been pointred [sic!] out by a query run by BIT [Business Information Technologies]. The internal process to deal with this emergency has worked smoothly thanks to the collaborations of all stakeholders (OCFDs, BIT and D132).

The principal issue is that confidential documents which are submitted to the EPO (via on-line filing) by accident are not recognised as confidential matter. There is no check in place for this purpose. It happened that private documents were published on the EPO website by accident. It is not known whether any of the applicants, law firms or patent attorneys was harmed by these incidents. Other incidents may not yet have been discovered. While the bug was discovered in the second half of April 2019, it is not known at what date and with which software version it was introduced. ⬆