Google wrestles with the generative trade-off. Security experts have found another set of malicious apps in the Android Market and discovered that Google Docs regularly hosts phishing sites.

Falun Gong sues Cisco for facilitating official Chinese repression. Members of Falun Gong have sued tech giant Cisco in a U.S. court, alleging that the company customized its technology to meet government tracking and censorship needs and helped design China’s Golden Shield, the country’s infamous online censorship and surveillance firewall. The group also claims that Cisco marketed its technology as a tool to target government dissidents.

Hargreaves Review published. The review evaluates the fitness of the UK’s intellectual property regime for an internet age. It finds that IP laws put in place several hundred years ago are now stifling modern innovation and goes on to make ten specific recommendations for IP law reform to correct the problem. These recommendations include approaches to clearing patent thickets; dealing with orphan works; and transitioning to evidence-based, rather than lobby-based, IP policy; as well as rejection of a US-like fair use limitation.

Facebook users benefit from a Web of Trust. Clicking a link on your Facebook page that the crowdsourced Web of Trust service has identified as spammy or malicious will now bring up a warning that you may want to avoid the suspect site (and also check out Wikipedia entries on malware and phishing).

iFlowReader closes. Independent iOS e-book retailer iFlowReader shut down at the end of May. According to the company, Apple’s new e-book seller rules made it impossible to turn a profit. (The rules require sellers to give Apple a 30% cut of sales while at the same time limiting the seller to only a 30% commission, so the seller gets the commission from the publisher but then owes it all to Apple.) Company execs expressed frustration that, in their view, Apple maintained complete control over its platform and felt free to change the rules on developers, even after they, relying on the old rules, had been induced to make significant investments.

TiVo and EchoStar settle. The case involving a judicial order to EchoStar to send a remote signal disabling its customers’ DVRs ended in a whimper last month when the parties settled after the Federal Circuit held that EchoStar had waived its arguments that the disablement provision was vague and overbroad. EchoStar had asserted that it legally should not have been forced to disable the DVR boxes because it implemented a design-around instead so that the boxes no longer infringed TiVo’s patents. But the court didn’t reach the merits of this argument, since it held that the time to raise such issues was before the district court found EchoStar in contempt. So while we know that the Federal Circuit doesn’t have a problem with trial courts issuing a disablement provision to remedy patent infringement, we still don’t know whether the infringing party could avoid disabling its users’ products by pushing an update that replaced the infringing technology with a non-infringing alternative.

—Jennifer Halbleib

The U.S. government uses a PC control switch? The U.S. federal government obtained a temporary restraining order in April that allowed it to send to private computers unwittingly part of a massive criminal botnet a command that disabled the malware. In the past, the government has cut off or seized the command-and-control servers and computers that run a botnet, but here – without notice, because federal agents were still trying to collect the IP addresses of infected computers – the government issued a command to personal computers owned by innocent targets of the Coreflood botnet. Arguably, since Coreflood steals private data and loots victims’ bank accounts instead of just generating huge amounts of spam, the government had sufficient justification to order citizens’ (and non-citizens?) computers to kill the program. But in addition to concern that the command itself might unintentionally damage some private machines, such a path may be quite slippery. After all, prevention may be cheaper than disease; why shouldn’t the government push security software to all personal computers? And why shouldn’t it monitor citizens’ online activity to make sure they aren’t downloading programs from malicious sites? Nonetheless, how different is the command in this case from required residential building and health standards or mandatory vaccinations for schoolchildren? The government regulates personal safety in the real world when it implicates the broader public good, why shouldn’t it do the same online? And in the end, an individual can avoid running the command on his computer (and dodge the botnet risk, too) by simply disconnecting from the Internet.  Of course, that makes the computer slightly less useful.  The phenomenon is reminiscent of this Wired account from 2003, though note the reporter’s credibility appears to be in question.  (!)

Google’s questionable Grooveshark takedown. Last week, the Electronic Freedom Foundation criticized Google for removing the popular music service Grooveshark’s app from the Android Market. Google has said that it was responding to an RIAA complaint but has not explained the basis of that complaint. The company did not require notice before the takedown as provided for by the Digital Millennium Copyright Act. If the complaint was grounded in copyright, EFF noted that Google’s actions departed from its longstanding position of requiring such valid notice before takedown. Because the move coincided with Google’s testimony before the Senate Judiciary Committee, EFF speculated that it was designed to mollify any Congressional skepticism that Google was not committed to copyright enforcement.  Note that apps can still be added to a phone without having to go through the Android Market.

More consumers demanding iPads in place of laptop PCs. Last quarter, Apple’s profits exceeded Microsoft’s for the first time since 1991. Overall PC sales declined 2%, consumer PCs dropped 8%, and netbooks –  the inexpensive and mobile generative PCs most similar tablets like the tethered iPad – fell 40%.

Translating iOS to WP7. Meanwhile, Microsoft is contesting Apple’s dominance of the tethered device market. Microsoft now offers a tool that helps developers convert their iOS apps to Windows Phone 7 apps. It maps the WP7 application programming interface – the set of definitions and rules an app uses to communicate with the phone’s operating system – onto the iOS API, making it easier for developers to port their apps to WP7, giving Windows Phone 7 users access to more apps, and allowing Microsoft to compete with Apple in app marketplace size and range sooner.

And a related discussion of generative PCs and tethered devices including thoughts on JZ’s thesis in the book, as well as a take on his concerns about crowdsourced work.

—Jennifer Halbleib

What content? Well, depending on the Western software company, any of the millions to billions of websites that the company has categorized. And the categories, of which multiple companies boast that they have more than 90, range from porn and violence, to dating and filesharing, to politics, religion, and even anonymizers. All the repressive regime has to do is to buy the software, pay the Western company to maintain the database of categorized websites, click the check boxes next to the categories of sites that it doesn’t want its people to access, and viola, the Western company has commercialized censorship. As the report puts it, “This is not simply a case of a general purpose, neutral tool being used for an end not contemplated by its maker. The filtering products of today engage in regular communications with their makers, updating lists of millions of websites to block across dozens of content categories, including political opposition and human rights.”

The report illustrates how the categorized lists these companies maintain tend to be overinclusive – after all, a governmental customer is unlikely to care if more speech is censored than necessary as long as nothing that it doesn’t want its citizens to see gets through. Furthermore, to give a repressive state the flexibility it needs to oppress effectively, most Western companies also allow their governmental customers to create user-defined lists of sites to filter, in case there is additional content that the government wants to block. Finally, some combination of the Western companies and the governments who use their products has recently moved to obscure attribution of filtering to these products, so citizens – and groups like the OpenNet Initiative – have a hard time determining who is allowing their government to censor the Internet.

It doesn’t have to work this way. Western companies don’t have to sell their filtering tools to repressive regimes – or any government or state-run ISP. They could limit customers to individuals and private employers. Moreover, they don’t need to maintain lists of categorized sites at all. And even if they want to keep lists of violent or pornographic sites for legitimate users, classifications such as “politics,” “religion,” and “privacy” are inexplicable unless the Western company is actively trying to help its governmental customers muzzle speech, and inexcusable then. Therefore, at a minimum, the Western companies could get rid of many of their categories.

Risks would still exist. Governments could steal the technology, as Iran may have done with McAfee’s SmartFilter. And in certain cases, repressive regimes could adapt free software developed for innocuous purposes to filter their citizens’ Internet. These risks – and others – may be sufficient to counsel against supplying anyone with any tool that can be repurposed for state-level censorship. But at the very least, Western companies shouldn’t be continuously complicit in government Internet censorship by selling repressive regimes the software and regularly providing them with updated lists of sites to filter.

It’s remarkable how brazen these Western filtering companies are. For example, one American company, Websense, has an explicit policy not to facilitate government censorship, except to restrict pornography. But among its nearly one hundred classifications listed in the report are such categories as “Advocacy Groups,” “Traditional Religions,” “Political Organizations,” and “Educational Institutions.” Perhaps Websense can articulate a legitimate reason for these categories, but it seems a stretch to relate them to “Adult Content,” which is a separate category in any case.

Another company, Netsweeper, is apparently perfectly willing exploit the freedom of foreign peoples by selling its software to government-backed ISPs looking to “block inappropriate content to meet government rules and regulations ‘based on social, religious or political ideals.’” Meanwhile, McAfee remains mum on how its relationship with repressive governments plays into its business conduct and ethics policy.

In an online world where we condemn oppression of a single netizen as cyberbullying, what do we call the conduct of Western companies that collude with governments to oppress an entire citizenry? Cyberrepression? And should companies that ostensibly exist largely to give parents the control needed to shield children from harmful Internet content be surprised if the government that created them exerts another form of parental control – the kind that parents use on poorly-behaving children with no self-control – by regulating the companies’ own asocial behavior? After all, if corporations have rights and obligations based on the legal fiction of corporate personhood, then these companies are the all-too-real sociopaths of the corporate world.

Even better, customers in Western countries can send a free-market message to these companies without having to resort to a regulatory intermediary: such duplicitous behavior – marketing software in the West as a tool to empower parents and businesses but in the Middle East and Africa as a tool to enervate a state’s citizenry – isn’t acceptable. We shouldn’t buy software that’s supposed to protect if its maker also sells it as a means to abuse.

—Jennifer Halbleib

While Apple and RIM pull the plug. This week both Apple and RIM removed controversial apps from their official app stores. Apple pulled an iOS app from Exodus International that propounded techniques and resources to treat homosexuality. And after several U.S. senators urged Apple, RIM and Google to remove the PhantomAlert app, which maps locations of nearby DUI checkpoints, from their respective app stores, RIM complied. So far, Apple has not removed PhantomAlert and Google refused to pull the app, saying that the app does not appear to violate Android content policies. Apple’s ultimate decision may shed some light on how it views its role as a benevolent gatekeeper: under what circumstances will Apple feel the need to step in and protect users from apps that are legal and don’t harm the device or expose personal data, but nevertheless contain content that users find offensive or believe is personally harmful? Similarly, should Exodus International come out with Android and BlackBerry apps, it will be interesting to see where RIM draws that line – and whether Google draws it. Of course, even if Google were to remove such apps from its official Market, Android’s open platform means that users could still download them from third-party app stores and sites.

And Google flips the kill switch. While Android owners may download third-party apps from Web sites that are independent of the official Android Marketplace, Google retains the power to reach in and remove apps from the phone without the owner’s permission. It recently did just that with over fifty apps containing code that, apparently as an initial step towards constructing a mobile botnet, rooted users’ phones. In this case, the apps were malicious and free. Google prevented users’ phones from co-option by a botnet and the users weren’t out any money. But by highlighting the precision and efficacy of tethering, Google may have put its remote kill switch on the table as a means for removing any illegal content. TiVo v. EchoStar showed us that some courts are willing to force an infringer to reach in and disable infringing devices that users have already purchased and installed in their homes. Courts may be less inclined to take such action against illegal content on a cell phone if it similarly means basically bricking the device. Cutting off innocent users’ phone service would be a much more disruptive remedy than frying their DVRs. But since Google has just demonstrated that it can excise the offending content specifically, why wouldn’t litigants ask courts for it as a remedy?

In the end, all four platforms decided what exactly their users own. Users buy a device, but what that device actually does is a service controlled by the platform. This service is subject to change at the platform’s discretion if, for example, it harms the device or doesn’t fit the company’s business model – and subject to change if senators, courts, advocacy groups, or anyone else can pressure the platform to take action.

Apple changes its policy on iOS e-book and subscription sales. If a company has an iOS app and allows users to buy premium content, such as e-books to be displayed by the app, with purchases made via a Web site (and therefore avoiding giving Apple a cut), Apple now requires that the company also allow users to make those purchases in-app (where Apple takes 30% of the price). Magazine or newspaper subscriptions sold through a browser must be available for the same price or less in iTunes as well. And publishers can no longer embed links in their iOS apps to Web sites that sell content. Furthermore, customers must be asked and then agree to release their information to publishers when they buy content through iTunes, so publishers are less likely to get the valuable consumer data they want for targeted advertising.

Google launches subscription payment service. After Apple announced its iOS subscriptions model Google followed with its content payment system, One Pass. One Pass operates across platforms. Customers who purchase content through their Google accounts can access it on their computers, tablets, or smartphones (though presumably not on their iOS devices, though there’s no technical reason this has to be the case). A spectrum of models is available to publishers: they can sell by the article, offer subscriptions, or provide day passes, among other options. Unless a customer opts out, Google shares customer name, zip code, and email address with the publisher. For One Pass service, Google takes 10% of sales revenue.

RIM tablet rumored to run Android apps. RIM may be developing software that would allow its PlayBook tablet to run Android apps. The move would increase the number of apps that can run on PlayBook more than six-fold to over 130,000 apps, making it more attractive to consumers. The tablet, promoted as the company’s answer to the iPad, is slated for release this year.

Facebook and the bright side of human flesh search engines. A woman who found a camera in New York City identified its owner in three hours by posting pictures from its memory card to Facebook and tagging her friends to solicit their help in the search. Web sites designed to reunite owners with their lost property exist, but both the finder and the seeker must know of them and go to the same one. Facebook doesn’t suffer from either problem. Although Facebook is not a fully public forum – most users restrict access to their profiles in some way – in this case it ended up being a big enough network to connect a helpful New Yorker with a grateful French tourist.

Boston promises a pothole-reporting app. It’s probably not something that Apple would have developed on its own initiative: an app that detects and automatically reports potholes using GPS and accelerometer data from the driver’s phone is in the works by the city’s “Office of New Urban Mechanics.” (!) While an unsafe driver may be wary of sending such information to city officials, the app’s developers see it as a new form of civic engagement. Perhaps we’ll see a pothole-filling app next year.

Google adds new security and crowdsourced ranking features. Google has recently added two new features. The first feature lets people with Google accounts add a second password. An account holder generates this additional code every time he wants to login, receiving it on his phone. It expires after a few minutes – giving the user time to log into his Google account – and so dramatically reduces the chance that it will be phished. The second feature is a Chrome extension that allows searchers to block sites that they don’t want to see in their Google search results. The user reduces unhelpful content farm results in her own searches, and Google draws on the information to tweak its rankings to decrease global content farm contamination of results.

Corporate strategies for information security and transparency. As more and more information is stored in the cloud and shared through networks, companies are increasingly susceptible to accidental or intentional disclosure of sensitive information. The Economist reports that corporations are taking a range of approaches to address the problem, from technological restrictions and monitoring (software or hardware that limits or watches what employees do with data) to cultural awareness (explaining to employees how particular acts put data at risk) or openness (sanctioning the release of more information to promote trust). Meanwhile, 40,000 individual Gmail account holders lost their cloud-stored emails and contacts this week because of a bug in a software update. Google is in the process of restoring users’ data to them — from backup copies on tapes.

Android app hacked to repeatedly text premium numbers. Hackers, apparently in China, have inserted code into a legitimate Android app that causes it to continuously text premium numbers. The altered form of the (already free) Steamy Windows app is available on unauthorized app sites. Once a user installs it, the app sends text messages to premium numbers, running up the user’s bill. It also blocks incoming texts from the wireless service provider that would normally alert a user that he has exceeded his text message quota. The hackers get a commission for each text sent to the specified numbers. Unwitting Android owners are at greater risk of attack, because unlike iOS owners, they can download apps from third party sites in addition to the official marketplace.  That makes them more generative — but also less secure, leading to the “generative dilemma.” (cached) [Cached because the cloud-based host for the deep linkable version of the Future of the Internet — And How to Stop It has vanished — ironic (or fitting?), given the book’s warning about the dangers of cloud-based platforms.

PCs as an endangered species. As the evolution of computing devices marches forward, PCs may be headed for extinction. Smartphones and tablets are increasingly marketed as PC replacements. These mobile devices can be used on their own, but also connect to a range of peripherals — laptop shells, monitors, keyboards, mice, even docks that turbo-charge performance with extra CPUs — for a more PC-like experience. For example, Motorola’s Android-based Atrix smartphone can run the desktop version of the Firefox browser when docked, giving the user access to cloud-based services like Google Docs in addition to the apps installed on the phone. But Firefox doesn’t run off the Atrix, it runs off a minimal Linux machine in the dock. And the Android app ecosystem doesn’t yet match the diversity of PC applications. Still, as mobile devices and the Web 2.0 apps and services (cached) they support become more sophisticated, it’s likely that they will expand out of their niche and invade the habitat currently occupied by PCs.

—Jennifer Halbleib

Although there was initially speculation that Apple pulled the Wikileaks app because it either was “not very useful” or was a paid app that solicited charitable donations and therefore contravened the Developer Guidelines (pdf), Apple later justified the app’s removal under other provisions of the Guidelines: “Apps must comply with all local laws and may not put an individual or group in harm’s way.” The app’s developer had promised to donate one dollar from each $1.99 sale to Wikileaks, giving people a way to support the organization after Paypal, Visa, and MasterCard stopped facilitating donations to the non-profit because of its questionable activities. Apple’s reluctance to serve as a conduit of funds for Wikileaks, no matter how nominal each individual donation, is a possible secondary motivation for removal. The app raised $4443 for Wikileaks while it was available in the App Store.

The app can still be downloaded onto jailbroken iOS devices from Apptrackr, and apps that provide access to Wikileaks documents are available for Android phones. In addition, the App Store itself has a handful of apps that give Wikileaks news and updates, but presumably don’t let users look through the leaked information. Nevertheless, Apple’s unilateral control over which apps users can run on their iPhones and iPads again raises concerns that a closed platform enables censorship either by Apple directly according to its standards or by government pressure on the company. And since Wikileaks posts appear to be both newsworthy and legal (so far), pulling the app may well have a chilling effect on other news outlets considering publishing controversial information of public interest to their iOS apps. For example, would Apple also pull the New York Times app if the newspaper posted a story on the leaked cables to its app?

These concerns, both disturbing and credible, will grow as more people get their news from apps run on closed platforms rather than print or Web sources. But the (hopefully farfetched) nightmare scenario is a universally adopted closed platform with a slick, free Wikileaks app… that gives users access to documents that have been surreptitiously altered to remove or even provide false information. A similar worry exists with search engines or ISPs that are overwhelmingly dominant or government-enforced monopolies. If such a search engine doesn’t index the Wikileaks website (or indexes a modified fake site instead), the site may as well not exist, unless a user knows where to look. And incidents during the recent Belarussian election highlight how a national ISP could achieve an analogous result by redirecting requests for a legitimate independent news site to a fake one.

In the past, open, distributed media in the U.S. has made such tactics impractical. And there still may be little chance that extreme deception of this nature could occur in the U.S. as private companies don’t often have an incentive to mislead their customers and the government is constrained from doing so. Yet it’s worth thinking about, both out of concern for citizens of other countries and because our government does on occasion employ technology to covertly alter reality by, for example, wiretapping or other surveillance. Surveillance is distinguishable in that it is directed against a particular individual or group, usually requires a warrant, and, while deceitful, simply collects information instead of affirmatively providing misinformation. But if authorities have probably cause, is a warrant to push an app “update” to a specific individual that provides inaccurate information to thwart criminal activity or facilitate capture – say, an altered fight schedule or public transit timetable – acceptable? In a very small minority of cases courts have enjoined the publication of certain information, but is there ever a situation where, if feasible, it would be permissible for the government require a company to mislead the general public? We may never need to answer these questions, but Apple’s response to the Wikileaks app is a step in their direction.

—Jennifer Halbleib

There are certainly reasons why this feature is worrisome. Uniflow blocks transmission of documents that use specific words, in effect selectively censoring the content of existing documents. In addition to preventing dissemination, Uniflow notifies an administrator, forwards the document at issue, and exposes the infringing employee’s identity. These procedures give an employer all the evidence it needs to hold the employee responsible for illicit transmission. Finally, the power imbalance in an employer-employee relationship likely will make the employee overly cautious, in particular if her employer does not disclose the magic keywords that trigger Uniflow’s alarm. In order to make sure she avoids disseminating sensitive documents, she may hesitate even when sending files she believes can be shared, because the cost to her if she is mistaken is too high to warrant the risk.

Nevertheless, I can also see Uniflow as an extension of employer email monitoring. Most employers have explicit technology policies that give employees notice that their work email belongs to the employer, who may monitor its contents. Therefore, workers don’t have an expectation of privacy in their messages. If employers have a similar disclosure for company documents, Uniflow is simply the mechanism used for such monitoring. While keyword automation can lead to more extensive surveillance by decreasing the time and expense required to keep a close eye on employees, an employer often has good reason to control the dissemination of its sensitive documents. For example, employers should be able to regulate client information, legal advice, and intellectual property to protect against liability or loss of company assets. The documents do, after all, belong to the company. Can preventing circulation of its own speech really be labeled “censorship”? And Uniflow prevents only routine office transmission. A whistleblower, for example, can circumvent the security measure by taking pictures of relevant documents with his smartphone. So while Uniflow instinctively makes me uncomfortable, in general, I don’t think its use will lead to untenable outcomes, at least in the workplace. (Use by governments, on the other hand, presents another question — as does government email surveillance.)

Instead, increasingly pervasive distributed surveillance is of greater concern. An employee knows that Uniflow is watching and can either print only documents she knows are keyword-free or avoid scrutiny by not using Canon machines if she thinks she is printing documents with prohibited keywords. In addition, she knows how her employer will use any information that it collects about her copying habits. But individuals often have no control over or even awareness of the personal information distributed observers digitally collect and publicize online. And once it is in the public sphere, they have no control over its use or further dissemination across the Internet. In addition to spreading information online, technology also facilitates sweeping data capture at both endpoints: collecting data to put online and collecting data from online sources. At one end surveillance casts a broad net; on the other it pans for gold.

In the employment context, consider an employee who called in sick to go to a World Series game. MLB photographed the face of every fan at the game and posted the panoramic composite image online (wide net), supported by Facebook Connect. A new app that runs on Facebook allows users to find photos of themselves and their friends and tag them automatically, so our hapless fan may be outed if one of his friends runs the software and his employer monitors — directly or indirectly — social media sites (gold).

The EU is currently grappling with this issue. It is drafting legislation that would give its citizens a right to remove personal data from websites. But in addition to difficulties enforcing EU law across an international Internet, the DMCA tack hasn’t proven a particularly acclaimed copyright protection. While sites might be sympathetic to personal information takedown notices, identifying and contacting the totality of sites that have the data could be problematic. In the book, JZ proposes an alternative approach:  engaging the Internet to disseminate the cure along with the disease by attaching metadata to personal information. Tagging personal information with the individual’s request that his data not be posted publicly or copied or searchable (for example) attenuates its spread. In fact, Facebook implemented such an approach with its facial recognition tool. Automatic tagging includes not only the person’s name but also the photo preferences he has set up on his Facebook account. So truant employees can control the dissemination of their photos after all. Sometimes you don’t need mystery keywords or a centralized security system. All you have to do is ask.

—Jennifer Halbleib

For every smartphone, someone, somewhere has an app kill switch. This week, Microsoft discussed the circumstances in which its kill switch could be flipped on the Windows Phone. It emphasized that pre-screening apps and subsequent removal of any remaining risky apps from the Market Place were preferred tools for addressing privacy and security concerns, characterizing the kill switch as a scram in case of impending meltdown.

i(Gold)Bricks. An iPhone 3G user has accused Apple of a different type of killing. In a lawsuit filed last week, she alleges that Apple intentionally used the iOS 4 update to debilitate iPhone 3Gs in order to increase sales of the iPhone 4. Part of her claim is based on the charge that Apple didn’t allow consumers to revert to a previous version of iOS after experiencing poor iOS 4 performance on an iPhone 3G — at least without voiding the warranty by jailbreaking the phone.

What are the limits on employee Internet policies? The NLRB is suing a Connecticut company, alleging that the employer fired one of its workers because she posted a negative comment about her supervisor on her Facebook page from her home computer. According the Legal Times, the NLRB is challenging a provision of the policy that the union says prohibits “depicting the company in any way over the Internet without company permission.” The EMT service contends the woman was fired for “multiple serious issues.”

A picture is worth a thousand dollars in traffic tickets. Next generation speed cameras not only calculate a driver’s speed, but also check to see if his insurance is current, his seatbelt is on, and he’s keeping a safe distance from the car in front of him. Some jurisdictions are apparently having difficulty making money off their speed cams. Upping the number of violations per picture should help.

Market Captcha. In the grand capitalist tradition of slapping an ad on any exposed surface, NuCaptcha is selling squiggly commercial space. Website visitors will have to type in a company slogan to proceed. Several prominent companies have signed up. I wonder if sellers of knock-off Rolexes and cheap pharmaceuticals will as well.

—Jennifer Halbleib

Addressing the zombie invasion. U.S. officials are evaluating an Australian plan that targets the botnet epidemic. In particular, the American government is eying provisions that allow an ISP to notify customers with infected computers — since botnets typically run in the background of a user’s own applications, often the consumer is unaware that her PC has been taken over — and perhaps even quarantine maliciously co-opted machines by limiting online access. As the FOI book echoed in 2008, such a program increases security without resorting to perfect enforcement and may also encourage ISPs to provide consumers with tools to disinfect their computers, either as part of the service plan or for an additional fee.

iOS developer guidelines relaxed enough for torrent apps? Last week Apple approved its first BitTorrent app. But it turns out that Apple didn’t intend to allow torrent apps. Instead, the developer avoided the term “torrent client” in the app description, temporarily evading rejection. When Apple became aware of the app’s capabilities, it removed the app from the App Store.

Android apps share information. A Duke-Penn State-Intel study using the new TaintDroid tool revealed that half of thirty randomly selected popular Android apps send personal information such as location or phone number to ad networks, sometimes with surprising frequency. When an Android owner downloads an app, he or she has to give permission for the app to collect personal information. But from that sole initial disclosure it’s usually not clear when information will be accessed and how it will be used. Privacy policies are often unintelligible. Hopefully utilities like TaintDroid will soon be available in downloadable form to allow Android (and iPhone) owners to monitor in real time what information their apps are accessing.

Italy demands that Apple remove an offensive app from the App Store. Child pornography? No. Graphic violence? Not so much. Italy is upset that a travel app characterizes the country as the home of the Mafia (also of pizza and scooters). Since Italy knows Apple can remove the app, it may feel entitled to demand that the company do so whenever Italians’ dignity is the least bit bruised. In a walled garden, the country of Da Vinci need not cultivate perspective.

RIM jumps on the anti-fart app bandwagon. RIM takes the position that apps that keep users coming back and convince them to purchase upgrades or additional content are more valuable to RIM and developers than fart apps. But should the value of an app be determined ex ante by device-makers or set by user behavior? Good search and rating systems seem like a better way to run an efficient app store — one that allows both apps that provide “ongoing entertainment value” and inexpensive, one-off apps that may serve important, if temporary, functions. (Ever unexpectedly have to entertain a child for an afternoon?) Still, nice of CompuServeRIM to tell us what we want. Because listening to users and developers isn’t a plan that’s going to work.

Can a wireless provider block texts it doesn’t like? New York federal court was presented with that question in a case where T-Mobile blocked all texts from a texting service because one of the service’s clients provided information via text on legal marijuana dispensaries in California. Under the recently proposed Google-Verizon net neutrality principles (analyzed here), a wireless company would have latitude to discriminate based on the sender, recipient, or content of the message as long as its practice is transparent. But it’s hard to see how the discrimination in this case is required because of the “unique technical and operational characteristics of wireless networks.” We’ll have to wait to see how courts address the issue as the parties have settled the case. Although the full terms of the agreement weren’t disclosed, it “requires T-Mobile to stop blocking the New York-based EZ Texting service’s thousands of clients, if they meet T-Mobile’s approval. The medical-marijuana info service, which used texts to tell its users where the nearest medical-marijuana store was, remains blocked.” (emphasis added).

The future of HR. Social Intelligence will help potential employers determine whether you are a good hire and monitor you (with real-time updates) when you’re on the payroll by trolling your public social network profiles. “[C]ompany spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You’ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That’s why you should scan every prospective hire and run continued scans on every existing employee.”

iPhone expression that’s more than skin deep. Children and adults with disabilities affecting speech are converting their iPhones to alternative communication devices. Smartphone apps that are mobile, easy to use, and even cool give a voice to autistic kids and stroke victims alike.

—Jennifer Halbleib

Unfailingly quotable Steve Jobs summed up Apple’s position on third-party development tools when the restrictions rolled back this month were originally instituted in April: “We’ve been there before, and intermediate layers between the platform and the developer ultimately produces sub-standard apps and hinders the progress of the platform.” At the time, many Internet news outlets considered the new rules a nativist response to the release of an Adobe cross-platform app development tool, which allows programmers to write apps once using Flash and then create variations for multiple mobile operating systems. Now Adobe’s tool and others like it are back in the game. The major remaining restriction, that an app can’t download any code, appears legitimately motivated at least in part by security concerns. But Adobe notes that Flash content in apps or the Safari web browser still is not allowed — developers can create apps with Flash but users can’t view Flash video.

Other restrictions imposed by Apple this year limited the analytic information an app could collect when the developer used an advertising network owned by a company that also made a device or an operating system. For example, AdMob is owned by Google, as is Android, so developers using AdMob couldn’t access the same information as, say, those using Apple’s iAd. Developers use ads to pay for free apps and need analytics to accurately target the ads to users. In an important corollary to loosening restraints on app developers, Apple now seems to permit unrestricted collection of analytic information by any mobile ad platform. If true, it will allow more mobile ad companies, and Google and AdMob in particular, to compete for app developers in the iPhone market.

Although the review guidelines are behind the iOS developer fee pay wall, they quickly leaked onto the Web. Apple must still approve every app, but now the company is providing some ex ante guidance for developers. However, the wording of the press release and guidelines is vague and broad, and terms are undefined. What’s “amateur”? To qualify as not amateur, does an app either need to look professional or be an idea so cool that Apple doesn’t care how polished the app is? The judges at Apple retain substantial discretion in interpreting the guidelines. But now at least their interpretation is confined within more precise parameters than Steve Job’s “porn, malicious, bandwidth hog, illegal, privacy, and unforeseen.” The judges are human, so they will make mistakes. But if they’re also good judges, their mistakes will be fewer in number, both because they have the guidelines in hand — which may have been true before the guidelines were public — and because developers will work to adhere to the guidelines and avoid the grief of getting rejected. Already, highly anticipated apps like those with Google Voice are being reinstated under the new regime.

Nevertheless, the powers-that-approve at Apple won’t be entirely “good” from the point of view of users, because these judges are never entirely accountable to consumers. In a perfectly free market they would be, but not in a world of two-year contracts, exclusive service providers, and trapped data. Apple must take into account corporate interests, regulatory concerns, input from their business partners, developer needs, and the like, as well. Not that perfect accountability is necessarily desirable; most U.S. judges are life-tenured, free from the control of the citizenry (mostly). This situation allows them to make decisions for the long-term benefit of society rather than being pressured to give into immediate demands that will cause bigger problems later. But federal judges are insulated from all constituencies, not beholden to several masters. iOS users and the developers that program for them know that Apple takes other considerations into account besides users’ first-order best interest. Perhaps Android will challenge Apple’s curation with a search-based approach that relies on users’ judgment of what apps they find valuable and what is the appropriate number of, say, fart apps.

That said, the shift in Apple’s policy is reason for optimism. While Apple can change its mind and rescind the changes, as JZ notes, once you crack open a platform, even just a little, it’s hard to go back. As soon as users and developers rely on the increased freedom, they will consider it unfair of Apple to backtrack. Perhaps Apple is slowly relinquishing control of the iOS platform.  First came the SDK, then more liberal development rules, what’s next?

—Jennifer Halbleib