Much of the online discussion has focused on the merits of the suit.  Oracle officially acquired Sun Microsystems early this year.  Sun originally developed Java and, over time, released most of the platform into the open source ecosystem.  Patents that were filed may have been a defense against litigation or even a joke.  And Google has licenses for those patents.  So the question here revolves around whether, by strict or loose interpretation, Google violated its licenses, but the vagueness and generality of Oracle’s complaint [pdf] (and press release) renders most of this analysis speculative pending additional clarification.  (More discussion on the open source backdrop is available here and here, and counterpoint here.)

However, the remedy Oracle wants couldn’t be more clear.  It asks for monetary damages to compensate it for its financial losses and punitive damages because it alleges Google “knowingly,” i.e. intentionally, violated its IP rights.  In addition, Oracle requests “[a]n order permanently enjoining Google, its officers, agents, servants, employees, attorneys and affiliated companies, its assigns and successors in interest, and those persons in active concert or participation with it, from continued acts of infringement of the patents and copyrights at issue in this litigation” and “[a]n order that all copies made or used in violation of Oracle America’s copyrights, and all means by which such copies may be reproduced, be impounded and destroyed or otherwise reasonably disposed of.”  The last one is the kicker: just like TiVo’s demand of EchoStar, Oracle wants the court to tell Google to reach into Android owners’ handsets and rip out the offending material, leaving innocent consumers with a gutted shell — and the remainder of their two-year service contract.

The destruction remedy applies only to the copyright claim.  If the case goes to trial a jury could conceivably find Google liable for patent infringement but not copyright violation.  And even if it did, the district judge has discretion over what relief to grant.  Plus, the appeals process could hack back overbearing damages.

But as long as it is on the table, the availability of such a remedy is a very big stick.  Even if Google believes it should win the suit, betting on that outcome doesn’t make sense if it means risking having to destroy consumers’ phones or fighting a long and uncertain legal battle after the destruction provision is awarded, instead of paying conventional monetary damages.

Google has seen how a similar fight has played out for EchoStar.  EchoStar attempted to comply with the court order by sending DVR boxes an update that replaced the infringing technology with noninfringing parts, leaving intact the DVRs’ functionality.  The Federal Circuit said “no dice,” the remedy was disablement of the DVRs, and that alone would suffice.  EchoStar continues to refuse to disable its customers’ DVRs and has been held in contempt and fined $200 million.

The Federal Circuit has agreed to rehear EchoStar’s case en banc.  And in the interim, the U.S. Patent and Trademark office has invalidated the very patents TiVo claimed EchoStar infringed. (TiVo is appealing the ruling; until its appeal is exhausted, the patents remain in force.)  And the FTC has stepped in to give the circuit court some guidance, filing an amicus brief urging it to consider how specific sanctions will impact innovation across the technology industry.

The availability of destruction as a remedy smothers innovation.  If Oracle can’t strong-arm Google into settling but wins at trial and is awarded the destruction provision (and it survives appeal and Google eventually capitulates instead of balking and riding a series of contempt proceedings into a draconian post-litigation settlement or bankruptcy), (1) consumers would have their phones replaced with bricks and think twice before buying new tech again; (2) Android developers would see their platform and all their apps evaporate; and (3) in the future, companies would likely waste time reinventing the wheel to avoid Google’s court-ordered fate rather than developing new technologies.  There is a storm brewing, brought on by the rise of tethered appliances and the thicket of software patent regulation.

—By Jennifer Halbleib

Disintegrating Droids. The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola points out that triggering eFuse doesn’t permanently disable the phone — it can re-boot once approved software is reinstalled. Much better.

Neighborhood watch for software vulnerabilities. At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of mutual aid to website owners as well.

Researcher remotely hacks ATMs. Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.

Apple rejects iPad magazine subscription app. Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn’t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.

Facial recognition and next generation privacy. David Thompson gives an update on the progress of facial recognition software and its implications for privacy 2.0.  In addition to describing the revolution in surveillance capabilities that occurs when a person can be identified on any security camera feed or in any of the more than three billion photos on Flickr, he notes that Face.com released an API last month, allowing developers free access to its facial recognition technology and the green light to adapt it for new uses.  Here’s hoping the appropriate norms evolve in tandem.

Defamation liability: please fwd. A bankruptcy court in Texas has ruled that forwarding an email link can be considered defamation.  The defendant in the case didn’t send a copy of the actual content, just a link to a website.  Neither had he written any of the defamatory content on the website.  It’s unlikely that the ruling will survive an appeal, since forwarding a link probably doesn’t amount to the required element of “publication” under a traditional interpretation of defamation law.  Still, it’s something to think about the next time there’s a link to a juicy tabloid story in your inbox.

Shifting foundations of the App Store. Apple continues to indulge its discretion when it comes to approving iOS apps.  This time it pulled an app for being “widget-like,” despite approving three previous versions.  The frustrated developer asks “How can a company be prepared to invest into a platform that can change at any time?“

It Gets Worse: Apple Censors a Gay Kiss in Oscar Wilde Comic. In another Apple censorship story, the company appeared to block out a kiss in a comic book because two men were doing the kissing. To be fair, it’s not entirely clear to me from the pictures in the article whether the same-sex kiss was the cause of the blackout, but the author claims that similar opposite-sex scenes have gone unchanged in other comic books. As he says, “the more examples I see of Apple’s capricious censoring, the less funny it is.”

Steve Jobs at D8: Post-PC era is nigh. In the introduction of the book, JZ predicted that Steve Jobs, having launched the PC era, was about to usher it out. Now, Jobs says the same thing. According to him, “PCs are going to be like trucks … they are still going to be around,” but “one out of x people will need them.”

TiVo’s ‘Big Win’ Over Dish On Patents Looking Less And Less Solid, As Patent Office Rejects Patent Claims. Update in the TiVo-EchoStar battle: we may never find out if EchoStar will actually have to remotely kill already-purchased DVRs, because the Federal Circuit is rehearing the original patent claims en banc.

—By Jennifer Halbleib and Elisabeth Oppenheimer

Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Online newspapers to modify anonymous comment policies. Several major online news sites are considering or implementing changes in their approach to user comments.  There has been a trend toward requiring users to register, establishing ranking systems to identify trusted users, and highlighting the comments of those willing to use their real names, all in an attempt to hold commenters accountable for their statements and discourage vitriol.  Linking identity with posted opinions facilitates a reputation system to mitigate abuses of anonymity online (other examples of such strategies, and their risks, are discussed in the book).  Here it serves both to cement a user’s responsibly for his or her comments and maintain the status of a particular news site as a respected forum for discussion.

In the department of really freaky things: 80legs. 80legs pays developers to embed a bit of code in their programs to turn the user’s computer into a bot. But unlike all the malicious code that does the same thing, this one purports allow 80legs to use the botnet for good (for their web-crawling services), and is theoretically disclosed to the users. I’m skeptical—especially since, as one example indicates, the “disclosure” may be a few lines buried way down in the TOS. And who monitors whether 80legs is in fact doing good?

Crowdsourced Art. On the ubicomp front, Amazon Mechanical Turk can be used to create cool works of mass art. If you follow the link to artist Aaron Koblin’s website (who also kindly guested in last winter’s Stanford/HLS cyberlaw class), the Sheep Market is my favorite (although there was some debate about it).

Mark Fiore can win a Pulitzer Prize, but he can’t get his iPhone cartoon app past Apple’s satire police. Pulitzer-prize winning political cartoonist has his app bounced by Apple for…mocking political figures. Oh, come on. One interesting thing: this has apparently happened several times before with cartoonists; each time, there was an outcry, and Apple relented. Fiore himself isn’t arguing with Apple—he’s just sitting back and waiting for the reversal. Maybe this is the real App Store model: reject broadly, accept anything the public deems important enough to make a fuss about.

And a few links on the iPad:

The Kids Are All Right. An unusually thoughtful post on the iPad/Pod/Phone tradeoffs: the technology isn’t as generative, but distribution can be much simpler.

The Apple Two. Apple introduced the original generative PC, and is now doing away with that generativity with the iPad, among other devices. Tim Wu explains that this isn’t about a change in “Apple’s” ethos: it’s Steve Jobs’ ascendancy over Steve Wozniak.

The iPad Luddites. One more meditation on the iPad, generativty, and the inevitability of technological change. Carr points out that “[i]t’s useful to remember that the earliest radios were broadcasting devices as well as listening devices and that the earliest phonographs could be used for recording as well as playback,” and that the evolution from primitive to refined devices nearly always comes with a generativity loss. But the question is whether that loss is inevitable, whether there’s a salient difference between the PC/Internet combo and the radio, and whether we can hope for some generative and general-purpose device that tinkerers will turn to if the PC becomes more locked down.

—By Jennifer Halbleib and Elisabeth Oppenheimer

While legislation embodying these principles would clarify limits and valid procedure for U.S. government agents seeking information, it does not ultimately secure user data.  Companies that request or record personal information can sell it or otherwise use it without user authorization.  Hackers can surreptitiously acquire information from sites where it has been collected or archived.  In addition, because the Internet extends across jurisdictions, foreign states have their own rules governing data seizure which may be broader or less certain than U.S. standards.  Finally, the personal information of one person is often disclosed by others, for example on blogs or in online photo repositories.

One way a user can address the first three of these risks and assert a measure of control how his or her data is used or disseminated is to understand what information is being collected, why it is needed, and how security measures are implemented to safeguard it.  Unfortunately, this is often difficult for the average user to assess, especially considering the plethora of apps requesting access and their technical nature.  A new online resource recently launched that harnesses the power of the community to provide this information.  WhatApp compiles a database of apps, mining both the knowledge of technical experts and the experience of users.  Experts rate the apps along dimensions of privacy, security, and openness, based on a specific set of criteria.  Users review the apps on how they work in practice.  Should WhatApp be successful, it may serve not just as a tool to comment on apps, but itself affect change within the app ecosystem.  If a user has a choice of several apps to perform a specific task and makes a decision based on WhatApp’s assessment of their relative privacy and security, app developers will have to take these concerns into account to be competitive.

Both Digital Due Process and WhatApp still have to gain a critical mass to sustain the movements to their completion, whether that be legislation or a comprehensive and useful database of app privacy and security.  But at least initially, they seem to be growing steadily—another promising sign that institutional and individual members of the online community are taking initiative to maintain the Internet as a safe and open environment.  However risks to Privacy 2.0 remain, in particular how to control personal information disseminated broadly by others.  These concerns will require implementing additional ameliorative mechanisms online; JZ suggests data genealogy, reputation bankruptcy, and contextualization of information.

–by Jennifer Halbleib

Security Theory to Practice. Ross Anderson has assembled a resource with links on the myriad dimensions of psychology and security.  A sampling includes why we as users discount some risks and overestimate others, how scams ensnare us, what conditions lead us to disclose private information, and ways to make security measures usable for the average person so that they actually get used and protect the greater internet community.  Interesting and practical.

Humiliating the Pirates. In a digital adaptation of medieval stocks, the Japanese gaming company Overflow released a fake installer for its erotic game Cross Days online that contains malicious code to acquire the information of people who try to use the installer to pirate the game.  That information is then posted online until the transgressor accepts responsibility for stealing the game.  It’s unclear whether the humiliation stems from being victimized—do those who play the game generally consider themselves too smart to download a trojan?—or from being exposed as a player of erotic video games.  If the latter, will the website where user information is posted receive enough traffic (besides others who play the game, who presumably won’t “out” those posted to the world if it would expose their own identity as well) to serve as a public town square?  It also seems less legitimate as an anti-piracy tactic since the company itself is making the “pirated” program available online.

Hunch Preview. Buzz-generating start-up Hunch has launched a Twitter Predictor tool that examines a Twitter user’s account profile—who follows and is followed—and predicts the answer to a series of questions, apparently with over 80% accuracy.  The tool is intended to publicize the utility of Hunch’s forthcoming API to provide personalized recommendations.  Another example of evolving privacy norms, we as users are willing to turn over some personal data (by filling out a “taste profile” to use the service from which Hunch’s algorithm extrapolates additional information) for greater convenience.

Hacker Disables More Than 100 Cars Remotely. Even cars can be tethered appliances! A Cleveland-based company “encourages” people who have been habitually late with car payments to be more timely by remotely triggering incessant horn honking or disabling the car’s ignition when payments aren’t made. This went badly amiss when a laid-off employee of the company took revenge by remotely bricking or sounding the horns of 100+ cars.

Rebecca MacKinnon’s Testimony at the Congressional-Executive Commission on China’s hearing on “China, the Internet, and Google.” In light of the fast-evolving Google-China saga, MacKinnon’s analysis of the multi-tiered problems in China and possible solutions makes for a good read. Among other things, she claims the Chinese government has hired 280,000 people to “astroturf”—that is, support the government’s views in cyberfora. (The specific number comes from research by David Bandurski, which is unfortunately behind a pay wall.) We’ve covered small-scale astroturfing on this blog, but nothing close to that size or coordination.

Facebook Threatens Greasemonkey Script Writer. A developer came up with the bright idea of writing a Greasemonkey script (that is, one that works through the user’s Firefox browser) to remove all that useless stuff from your Facebook feed—quizzes, Mafia Wars, etc. According to the developer, Facebook abruptly killed the fan page, and is now rolling out code that messes up the Greasemonkey script. If that’s true (and that’s not clear to me; we only have one side of the story) it strikes me as overreaching—Facebook can control its site, but shouldn’t be able to control your browser.

Eleventh Circuit Decision Largely Eliminates Fourth Amendment Protection in E-Mail. As the title of this well-done Volokh conspiracy post suggests, don’t expect to defeat a government search of your email if you live in the Eleventh Circuit. The decision tracks the discussion in chapter 8 of the book, but comes to a harsher conclusion—even e-mail stored locally isn’t safe from government seizure once a copy of it has been delivered elsewhere.

Finally, there are a few new thoughts posted in the comments of the EchoStar/TiVo post.

—By Elisabeth Oppenheimer and Jennifer Halbleib

• Developers are banned from making public statements about the terms of the Agreement.
• Apps developed with the SDK can only be publicly distributed through the App Store and at Apple’s discretion.
• Reverse engineering (including what is considered fair use under copyright law) is prohibited.
• Developers cannot create an application or program that would interfere with any Apple product, not just the iPhone.
• Apple’s liability to a developer is limited to $50.
• Apple can revoke/kill an App at any time.

Google’s Android Software Development Kit License Agreement is very different from its iPhone counterpart.  Not only is there no ban on public statements, but the Agreement is itself publicly available online.  In addition, as we knew, developers don’t have to distribute apps through the Android Market or get Google’s pre-approval if they do (though Google can remove an app if it’s a security risk or violates the Agreement).  If developers don’t use the Market, Google doesn’t take a cut of the profits.

These differences can significantly affect development of the smartphone ecosystem.  On one hand there is the iPhone walled garden, aesthetic and secure but limited; on the other is the wide world of Android, with great potential for variety but also unknown risks, where rules exist, but enforcement is responsive, not preemptive.

Both models may end up coexisting, each phone attracting its own set of users.  Those choosing Android would be willing potentially to sacrifice some security – or take some responsibility for ensuring that what they install on their phone is safe – for novel functions and greater utility, not to mention the cutting-edge cool apps.  iPhone users would opt for a carefully curated set of verified apps at the expense of the most innovative, and riskiest, apps.  Apps that are both useful and safe may transition between platforms, established on Android and subsequently accepted on a case-by-case basis for the iPhone.  Apple may use Android as a testing ground to prove the security of apps that violate iPhone’s strict guidelines but are useful enough to warrant an exception.

Conversely, one of the models may be adopted entirely, the other fading from prominence into history.  For Android to prevail, developers must continue to grow the Market and users judge innovation worth the security risks.  Google itself can maximize this tradeoff by encouraging good apps and vigilantly removing dangerous ones.  But it also requires developers and users to take some responsibility.  Developers by self-policing can prevent the Market from turning into a minefield for users, both by designing secure apps themselves and using the developer community forums to maintain standards across developers within the Market.  Users will have to think before they download and provide feedback to the Market should something go wrong (or right) that can be incorporated into the decisions of other users.  In this scenario, Android would supersede the iPhone much as the Internet replaced AOL and CompuServe.

Alternatively, the iPhone may poach Android to extinction by pilfering all the best apps that Android has tested, leaving only the harmful or useless apps in Android’s exclusive domain.  Or one of JZ’s concerns may materialize – the government may realize the potential for easy control and mandate tethering or users may prefer security to generativity and choose to be penned and shepherded by Apple.

It will be interesting to see how all the players – Apple, Google, developers, users, governments, and watchdogs – influence which story prevails.  Right now, the divergence between the paths forged by Apple and Google is broad.  Will the future follow one or strike out down some middle ground?

–by Jennifer Halbleib

Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer