Using GraphQL? Why Facebook Now Owns You 🐲

Using GraphQL — Why Facebook Now Owns You

Update: On August 30th, Facebook engineer and GraphQL co-inventor Lee Byron said that Facebook legal is aware of the patent problem and should have more to stay soon. I’ll update this further when that happens

TL;DR

Facebook’s GraphQL spec doesn’t grant a patent license. Therefore, for reasons as set forth below, most GraphQL users infringe Facebook’s patents.

Background

I’m not into fud. Hell, I just called Facebook’s React BSD + Patents license a paper tiger. But GraphQL + patents is a tiger of a different stripe. (Sorry)

Today, Filip directed me to two GraphQL US Patent Applications (I’ll focus on 13/601796 , “Graph Query Logic”) and asked for my legal opinion. The following is my reply.

You can scroll to the end if you just want a summary. This post will be a long legal analysis for those interested. I don’t yet have the technical ability to contribute back to open source, but I do have the education and experience to offer my legal perspective as a substitute.

As a primer, I am a former IP / patent attorney licensed in Arizona (active) and California (inactive). But my love for business and programming trumped law, so I now own a car dealership and develop software for my car dealership and others. Version 2, due 2018, is built on React / Gatsby / GraphQL / Elixir / and GraphCool. Needless to say, this post hits home.

For an overview on patents and the React mess, please see my previous post. In this post, we’re going to analyze the Facebook patents and why they’re so concerning.

Schoolhouse Rock: How an application becomes a patent.

First, it’s important to get a satellite view of how this process works. It starts with the initial application. To craft the initial application, an attorney interviews an inventor. The attorney then searches for prior art that makes the claimed invention not novel or obvious. When he or she is satisfied that there is patentable material in the inventor’s disclosure, the attorney drafts claims and writes the description.

Think of claim writing like an old west land grab. You want to make the claims as broad as possible to take the most intellectual land. Your goal is to let the USPTO examiner push back on those claims and show you where you’re too broad — which land you don’t own. If the examiner doesn’t push back, you didn’t ask for enough land!

Therefore, the USPTO typically (and hopefully) rejects your application. There are many possible reasons for a rejection, but the most common are non-patentable subject matter, not novel, or the application is obvious in light of prior art.

The applicant can respond by arguing that the examiner wrongly rejected the application, amend the application’s claims to overcome the rejection, or a combination thereof. Responses are typically a combination of arguments and amendments. This process typically bounces back and forth several times before, hopefully, the examiner allows the application.

Why bore you with this? To understand and interpret a patent, you need to know its prosecution history. What is said in the prosecution history shapes the patent’s metes and bounds. Likewise, what’s not said is just as important. And with Facebook’s application, the lack of definitions is chilling.

Facebook’s GraphQL Patent, 13/601796.

Facebook’s patent application is allowed. It will become an issued patent any day. I’ll refer to it as a patent, but if you’re searching, it’s still an application and 13/601796 is the application number.

This patent is infringed if every element is practiced. I’ll put my practicing interpretation in brackets. Here’s Facebook’s claim:

1. A computer-implemented method comprising:
storing one or more graphs associated with a social-networking system [GraphQL schema … more on social networks below], each graph comprising one or more nodes arranged in a hierarchical format [GraphQL Node], the one or more nodes representing one or more data items [Persons Type], respectively, each data item being of a particular data type of a plurality of data types [Int, Comments, etc];
receiving, from a third-party system, a call to an API, the call comprising a first query requesting a definition of the first data type, the first query being expressed in a language having a first hierarchical format [Introspection query];
sending, to the third-party system in response to the first query, the definition of the first data type, wherein the definition comprises (1) a name for the first data type, (2) a description for the first data type, and (3) for each of one or more fields of the first data type, a name and description of the field [Introspection query result];
receiving, from the third-party system, a second query, the second query requesting one or more of the data items associated with the first data type [GraphQL query];
retrieving the requested data items of the first data type from the graphs [Resolver];
validating the retrieved data items by determining whether the retrieved data items are associated with the first data type [Resolver / GraphQL type checking];
arranging the requested data items of the first data type in a second hierarchical format [GraphQL response];
and sending, to the third-party system in response to the second query, the requested data items of the first data type arranged in the second hierarchical format [sent GraphQL response].

You can quibble with my claimed element interpretation, but I think we can largely agree that the above patent covers nearly every GraphQL implementation.

What’s a “social networking system?”

“Social networking system” probably jumped off the page when you read it. What is it and what does it mean?

The first place to check is the patent’s specification. Patent writers are their own lexicographers and can define words, even in non-standard ways. But “social networking system” isn’t in the patent’s specification.

In fact, “social network system” wasn’t added until the very end. Facebook added it to overcome the USPTO’s last objection. Specifically, the examiner said:

The claim(s) is/are describe a process of storing, receiving, retrieving, organizing and transmitting data. Storing one or more graphs where nodes are arranged in a hierarchical format, receiving a query requesting for each of one or more specific data items in the graphs, retrieving the specific data items from the graphs; arranging the specific data items in a hierarchical format; and sending the specific data items in response to the first query. These steps describe the abstract idea of collecting, comparing, organizing, storing, formatting and transmitting data. Collecting, comparing, organizing, formatting, storing and transmitting data as described in the claims can be performed in the human mind (mentally) or by a human using a pen and paper. The steps are similar to concepts and ideas that have been identified as abstract by the courts.
The additional elements when considered both individually and as a combination do not amount to significantly more than the abstract idea. The claim recites the additional elements of a transmission (sending) server with a memory to store data and a processor to perform the receiving, comparing, organizing, formatting and transmitting steps. The transmission (sending) server is recited at a high level of generality and only performs generic functions of manipulating information and transmitting that information to a remote computer. Generic computers performing generic computer functions, without an inventive concept, do not amount to significantly more than the abstract idea. The type of information being manipulated does not impose meaningful limitations or render the idea less abstract. Looking at the elements as a combination does not add anything more than the elements analyzed individually. Therefore, the claim does not amount to significantly more than the abstract idea itself. The claim is not patent eligible.

The examiner and Facebook’s law firm then spoke on the phone to discuss the above rejection and how to proceed.

Examiner suggested . . . to advance the prosecution of this application: 1) Add the following limitations in claim 1: ‘a) graphs associated with a social-networking system’ . . . .

That’s the only mention of the phrase before it appears in the amended claims. Adding “social-networking system” made the claim patentable subject matter.

Since it’s not defined in the spec and there’s no prosecution history, terms are given their plain meaning. Plain meaning refers to the ordinary and customary meaning given to the term by those of ordinary skill in the art.

What do we think “social-networking system” means? We are those of ordinary skill in the art. Take my use case. My application has users. The user model is a graph. My users can post about cars, send messages and interact with other users (employees). Is that a “social-networking system?” Quite possibly.

Implications of GraphQL Patents

They’re wide ranging and scary. Assuming that your implementation practices all claimed elements and you have some kind of social network, it’s likely that you’re infringing Facebook’s patents. And now that the patent is issued, it will be given the presumption of validity in court. The USPTO may have issued the patent in error, but it will be the Defendant’s job to prove the error. No thanks.

The safest way forward is to use Facebook’s JS reference GraphQL implementation for the patent grant. The patents I’ve reviewed are focused on the server, so I don’t see any infringement (yet) with other GraphQL clients like Apollo.

But if I owned GraphCool (❤️ you guys!) or another GraphQL as a service or a GraphQL server implementation (Apollo Server, Sangria, etc), these patents would shake me to the core as a potential contributory infringer. (I’d love to hear from GraphCool or MDG counsels on this issue)

That said, I’m not changing course for my business. These patent applications started before they decided to open source GraphQL, and once the patent machinery starts, it goes through completion. I don’t believe that Facebook has any intention to sue. But that’s just my belief in Facebook’s version of “don’t be evil.” If you don’t want to risk your business on that assumption, I understand.

Summary

For the reasons set out above, most GraphQL users are likely infringing Facebook’s patents. Facebook should immediately include a patent grant into the GraphQL spec to stop justified panic and GraphQL abandonment.