According to the motion filed in the Superior Court in Montreal late Tuesday, Zero-Knowledge is seeking $7 million in damages and a “”permanent injunction enjoining IBM from their unlawful activities.””
Zero-Knowledge claims that IBM is responsible for copyright infringement of a type of XML called Enterprise Privacy Markup Language (EPML). According to the company, its Enterprise Privacy Unit division developed the language between June 2001 and February 2002 as a standard for writing enterprise privacy policies. The division is now known as Synomos Inc. and was officially spun off as a wholly-owned subsidiary of Zero-Knowledge last week.
According to the Zero-Knowledge motion, IBM published the specification on its Zurich Research Laboratory Web site as early as March 2003 without consent. The motion says that on Nov. 10, 2003, IBM submitted the specification to the World Wide Web Consortium for approval and adoption without consent from Zero-Knowledge or acknowledging the company’s contribution.
IBM had no comment on the motion.
“”We’ve taken the first step and now we’re going to let things run their course through the courts and through discussion,”” said Zero-Knowledge spokesperson Craig Silverman. “”Obviously it’s a matter that needs to be before the courts and we’re looking forward to having our day in court to resolve this.””
Alain Adam, a lawyer with Smart & Biggar in Ottawa who is handling the case on Zero-Knowledge’s behalf, refused to comment.
The specification under dispute is mentioned on a Zero-Knowledge Web site page describing Enterprise Privacy Manager, which is designed to define, implement and manage corporate privacy policies. “”To interact with other enterprise applications, EPM expresses your policies using an XML-based language, Enterprise Privacy Markup Language (EPML),”” the page says.
IBM’s Zurich site does not mention EPML but enterprise privacy authorization language (EPAL). Big Blue describes EPAL as an enhancement to the W3C’s platform for privacy preferences (P3P ) standard that extends enterprise control over privacy policies. “”This ‘write policy once, deploy it everywhere’ strategy enables the enterprise to ensure that its data handling practices match its external privacy obligations,”” the site says. The language was presented at the Burton Catalyst Conference in San Francisco almost a year ago.
A group of North Carolina State University students working in conjunction with IBM has developed the Privacy Authoring Editor as an open source project that is available on SourceForge.net that is used to author and edit privacy policies using EPAL.
The legal action marks a breakdown in a long-standing partnership between IBM and Zero-Knowledge Systems that stretches back to 2000, when the two firms agreed to install 1,000 IBM Netfinity 4000R servers running Zero-Knowledge’s Freedom software at ISP and telecommunications nodes throughout the world. Traffic running under Freedom was linked to untraceable digital identities called “”nyms”” rather than user’s true identities, and was encrypted and routed through a network of servers dubbed the Freedom Network that was hosted by a string of international ISPs.
Zero-Knowledge, which was founded in the late 1990s, has undergone a series of strategic shifts since then, shutting down the Freedom Network in 2001 to focus more on enterprise security offerings.
–With files from Shane Schick