"Spy scandal" - EPO hits the news in Germany


Merpel loves dreaming up eyecatching headlines, but for once the work has been done for her by the experts at the Süddeutsche Zeitung. (For those not familar with the title, the Süddeutsche Zeitung is the largest German daily newspaper, so Merpel is treating this story on a par with something published in the Telegraph, or the New York Times.)

Merpel suspects that this rather jovial photo, 
 accompanying the online article, was not
taken after Mr Battistelli read this morning's
 newspaper. Photo: Alessandra Schellnegger
In brief, the SZ reports in the article translated below (original here) that computers on the EPO premises which were available for use by the public, by attorneys visiting the office, and by members of the Administrative Council, had keylogger software installed. Keylogger programs surreptitiously record all user inputs and may also take snapshots of your screen and photos of the user operating the computer. 

This flagrant invasion of privacy comes in the wake of evidence that Mr. Battistelli has engaged a firm specialising in counter-surveillance and threat monitoring. Not because of any imminent terror threat, mind you: all this came about originally because it was suspected that an employee was circulating material alleged to be defamatory. One cannot help thinking in terms of the old cliche about using a sledgehammer to crack a mouse.

Merpel, who has grown rather tired of appealing to the Administrative Council members to hold the EPO management to the same governance standards as would be required in their own national Patent Offices and civil services, wonders if this latest news will convince some of those on the fence that a more robust approach is required when they next attend an AC meeting at the EPO.
 
Merpel extends heartfelt thanks to a couple of anonymous eagle-eyed readers who not only sent her copies of the article, but who also supplied their own translations, one of which is set out below.
Spy scandal


The European Patent Office carried out secret surveillance on employees using keyloggers
·         At the headquarters of the European Patent Office (EPO) two publicly accessible computers were fitted with cameras and surveillance technology during a period of several weeks.
·         They were used in an internal procedure which involves a patent judge who is accused of having disseminated defamatory communications about the President of the EPO and other managers over a period of months.
·         However, the action also affected many employees of the EPO, perhaps even members of the Administrative Council.
by Katja Riedel
The President of the European Patent Office (EPO) is set to travel to Brussels next week. There he will be received by the Legal Affairs Committee for "an exchange of views" according to the agenda. Benoît Battistelli is supposed to speak about the latest developments in patent law, the new patent courts and various other reforms.
There should be no lack of subjects for discussion in view of the ongoing state of crisis between Battistelli and many of the approximately 7,000 employees in Munich, Berlin, Vienna and The Hague. Since Battistelli initiated an extensive reform programme, which amongst other things has completely restructured the EPO’s career system, there have been vehement confrontations. Now a new and awkward subject has been added to the list: allegations of covert surveillance.

According to an internal document which the SZ has seen publicly accessible computers were placed under surveillance at the EPO towards the end of last year: by means of cameras and so-called keyloggers. This allows the recording of what the user types, which pages he accesses and how he communicates.

None of the users were aware that the devices had been installed

Some keyloggers are capable of taking snapshots of the screen. The camera records contemporaneously which person was operating the computer at the time in question. A particularly juicy detail here is that none of the users were aware that the devices had been installed - and the two computers which were equipped with these monitoring devices according to the confidential document of the internal investigation unit, were probably located on the first floor of the EPO headquarters at Erhardtstraße in Munich.

Namely, in a publicly accessible area, which was provided especially for the members of the
Administrative Council - the highest authority in the European patent world - on which the representatives of the 38 member states sit. The visitors to the Patent Office who typically sojourn on the first floor also include patent attorneys. On Monday [8 June 2015] the EPO declined to comment on the internal document but did not contest its authenticity.

In the document drawn up by the Head of the EPO’s investigative unit and sent to the Data Protection Officer, the reason given for the surveillance measures was a defamation campaign against the President and other managers of the Office.

In fact, since the beginning of 2013, letters accusing Benoît Battistelli, and also his Croatian Vice President Zeljko Topic, of numerous misdeeds have been circulating. There were strong indications that these letters had been sent from the two computers in question to which not only every registered visitor but also every employee of the EPO could log in via a common password. Therefore, according to the internal communication, it was not possible to identify and monitor an individual user.

Covert surveillance of the terminals in question

Apparently the internal investigators had come across IP addresses that they could assign to both of the public computers. For this reason, according to their conclusion, there was no other option but to place the two machines in question under covert surveillance. If during the agreed six-week time window between 7th November and 18th December no further defamatory material was sent, neither the pictures nor the data would be analysed, it was stated. Until then, the information that was monitored would only be available to the members of the internal investigation unit and the IT technicians.

The matter is also particularly sensitive because during the period in which the surveillance was being carried out the 142th Meeting of the Administrative Council also took place in the building, namely on 10. and 11. December 2014.  In addition, the Budget and Finance Committee also met during the period in question.
The computers are apparently located near the room where the Council meets. Whether this body and the Office Administration, i.e. Battistelli, was involved in the procedure is unclear. This is not apparent from the document. This only includes handwritten notes of two of the signatories but the signatures are missing.

Even insiders expressed reservations

In fact not only was material sent, but also a suspected letter-writer was caught - hence the data were also analysed. A member of the Boards of Appeal of the Office, a patent judge, was apparently caught in the act and Battistelli immediately subjected him to a “house ban”. This was equal to a suspension and consequently a legally impermissible interference with the independence of that department [i.e. the Boards of Appeal], which was retroactively rubber-stamped by the Administrative Council.

However, the tide of indignation ran high. Off the record even insiders expressed their reservations about Battistelli’s actions. Politicians from individual member states and patent attorneys expressed their outrage in public and even spoke of violations of fundamental rights.

The EPO declined to comment on the sensitive document citing a pending procedure as its reason. The Administrative Council is due to decide on possible disciplinary action at one of its forthcoming meetings.
Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH
As ever, Merpel welcomes comments, but begs to remind readers of the following:
Henceforth, in respect of all EPO-related blogposts, no comment will be posted if it is merely ascribed to "Anonymous".  Any reader wishing to conceal his or her identity must adopt a pseudonym (which should not be obscene and should not be the name, or the mis-spelling of the name, of a real person).  The pseudonym need not be an actual login name, as long as it is stated clearly at the beginning and/or end of the comment itself. This way, it will be easier for people who post later comments to identify and remember the earlier comment-poster and to recall the discussion string.  Where, as has already happened on occasion, a string carries over from one blogpost to a later one on the same or a related subject, readers will be encouraged to use the same pseudonym for the sake of continuity.