There are two differences that jump out between this awe-inspiring alphabetical listing of all Facebook users and a dog-eared telephone directory.  First, Facebook’s directory has a staggering 171 million names in it.  Second, in good news for paper prices everywhere given the first difference, the directory is digital — it’s right there, online.  And if it’s online, it’s scrapable.  Ron, being of the inquisitive engineering sort who can’t help but push a button if he sees one, figured that supply creates demand, and went ahead and scraped the directory.

That means he produced a file on his own hard drive containing more or less the directory’s main contents: for each person listed, a name, the person’s Facebook URL (what one types in to go directly to his or her entry), and unique Facebook ID (not a secret; this is part of a person’s Facebook url).  The resulting file is only a few gigs — amazing how cheap storage has become that so much can be roughly the side of an episode of House.  Ron then placed it online as a torrent — which means anyone can download the file, and voila, a snapshot of Facebook’s membership as of July 2010.

So, is this a problem?  As I’m writing, news is only just breaking, so it’s like that moment when a toddler trips, falls, and then has to think about whether to cry or not.  “You’re OK!” is usually what the alert parent encouragingly says — and if the toddler buys it, it’s usually true.  In fact, even if the toddler doesn’t buy it, it’s still usually true.  In this case, I think I’m with the metaphorical parent.  The data that Ron grabbed is precisely what Facebook users have chosen (or perhaps more accurately, passively acquiesced) to share.  For those who lock their privacy settings to avoid having a public listing in a Facebook search, they’re not present here.  For those who have, they are — along with a click through to their respective Facebook pages however they’ve chosen to share them.

Ron appears a little disquieted by it because of the prospect that the snapshot can live forever more.  If you remove your Facebook account or up your privacy settings, that will be reflected in real time in the Facebook directory and search (or at least it should be!).  But the torrent file exists forever — so one’s privacy choices are locked into that moment.  This is an artifact of having a service — Facebook — converted into a product — a Facebook database — the way that universities used to not just maintain online directories, but also publish bound volumes of their alumni with addresses, for those who opted in.  (In fact, many universities still do this; someone should tell them about saving the trees.)

There’s some privacy hit there, but there are also benefits.  By making a public directory — and a scrapable one, no less — Facebook gets more inbound links and attention as its members become easier to find.  And we benefit by having Facebook’s subscribers’ public pages indexed by the likes of Google and Yahoo! search.  In fact, when searching on a person’s name in a regular search engine, quite commonly a Facebook entry is one of the top hits.  That seems to me a good thing, and once Google, Yahoo!, and Bing have it, why shouldn’t Ron and anyone else who wants it have it too?  Indeed, Ron already did some cool stuff with the data.  For example, he crunched it all and came up with a list of Facebook’s most commonly used first and last names, discovering “Michael” and “Smith” coming in at number 1 for each.  Congratulations, Michael Smith, you are hidden in plain sight, since a search for you turns up so many others at the same time!  (Not so much with “Jonathan Zittrain”…)

Anyway, that’s generativity at work: Facebook makes available a directory on free and open terms, and people do stuff with it, some of which can surprise us.  There could be bad surprises, too — Ron and others hint at undesirable data mining — but I’m glad that the gates of Facebook’s gated community have some slats in them, rather than being a solid wall.  At most, it seems to highlight the desirability of getting the defaults right: Facebook shouldn’t have people automatically publicly sharing stuff they’d not normally share, without clear markers on what’s about to happen.  As Google would say, “Please read this carefully.   It’s not the usual yada yada.”

Indeed.  There have been so many Facebook privacy mini-scandals that we’re primed for the next, and the involvement of a torrent file adds an element of seeming subversiveness to the mix, given the association of p2p with contraband material.  But sometimes when the boy cries wolf it’s just a shadow.  I count 8 Yadas in the Facebook directory.  And I, along with my cool musician brother Jeff Zittrain, fall in between Aron Zittra and Austin Zittrauer.  Until now, who knew?  Interesting — but not pitchfork worthy.  …JZ

The issue is larger than one firm’s unfortunate misstep.  It echoes across the entire Internet.  Call it the Fort Knox problem.

Fort Knox represents the ideal of security through centralization: gunships, tanks, and 30,000 soldiers surround a vault containing over $700 billion in American government gold.  It’s not a crazy idea for a nation’s bullion; after all, the sole goal is to convincingly hoard it.  But Fort Knox is an awful model for Internet security.

Our IT environment has traditionally been immune from many Fort Knox issues, because its architecture has encouraged decentralization.  One PC might be compromised, or Web site might fall, but others stand.  Bad guys on one side of the spectrum, and well-intentioned regulators on the other, each had to sweat to have an impact on Internet activities.

But the bad guys were clever and industrious.  Their digital robots came to costlessly crawl the Web looking for computers and sites to compromise, leveraging their reach.  Operators of well-financed Web sites have dealt with rising anxieties about security by spending enormous amounts of money on digital bunkers and backups for their data, while littler ones have hunkered down and simply hoped they wouldn’t be hit.

The public sector has been confused about how to help.  Governments know how to maintain and defend their roads and waterways, but have been stymied in cyberspace: so much of it is rightly privatized that there’s no obvious place to station a guard and no way to fill a digital pothole.  Worse, since identifying those behind intentional attacks online is exquisitely difficult, the traditional state tools of deterrence and punishment are ineffective.

That’s why we now see centralization under a few major corporate umbrellas under which disparate activities can be gathered.  The lures of security, interoperability and economies of scale have propelled much of the Web from a vibrant ecosystem of different, and differently managed, PCs and sites to one where a handful of private Fort Knoxes take responsibility for security.

But we can’t simply put our precious data into a single well-protected vault and peek in every few years.  We need to guard our PCs and data, but we also need them to be part of a worldwide network.  When we’re not masking our digital trail, we’re eagerly sharing it.  If we try to centralize its protection, it’s not a one-time transaction: rather, we need a constant gatekeeper who signs our data in and out every time we want to make use of it.  That’s a thread that runs from the McAfee debacle, where millions of people and firms turned the keys to their computers over to a third party to handle, through to cloud-based platforms like Facebook, where the company’s assent is increasingly needed to run unrelated applications on its platform or to log in to unaffiliated Web sites that no longer care to maintain their own digital borders.

If McAfee makes a mistake, many people pay at once.  If Facebook’s computers go down or are compromised, thousands of otherwise-independent applications and sites suddenly go down with it.  It’s not just our own data and transactions at risk, but our collective memory: the flip side of a centralized defense against bad guys is vulnerability to well-meaning good guys.  For example, if the generally laudable Google Books project is a spectacular success, we’ll see libraries give up their moldering, isolated archives of regular books in exchange for PC terminals where patrons can peer at an ephemeral digital copy drawn from Google’s central archive.  It makes sense – and no doubt Google has near-impregnable backups – but it’s also an opportunity for a government to intervene in worrisome ways.

For example, if one book in the system contains copyright infringing, or defamatory, or obscene material, those aggrieved can get a court order requiring the infringing pages of the book to be deleted from the central server.  This vulnerability affects every book that is distributed and maintained through a centralized platform.  Anyone who does not own a physical copy of the book – and a means to search it to verify its integrity – will now lack access to that material.  By centralizing (and to be sure, making more efficient) the storage of content, we are building a world in which, as a practical matter, all copies of once-censored books like Candide, The Call of the Wild, and Ulysses could have been permanently destroyed at the time of the censoring, and could not be studied or enjoyed even after subsequent decision-makers lifted the ban.

So what do we do?  We have two things going for us that the real Fort Knox doesn’t: we can make copies of our digital gold, and there are lots of us, each with our own stake in security and autonomy.

First, so long as there aren’t undue barriers to extracting our own data from cloud platforms or our own PCs, backups can become more seamless, and made in a variety of ways, making a McAfee misstep or anything like it less costly.  Then we have our cake and eat it too.  The same principle applies to projects like Google Books, where participating libraries can arrange to securely maintain their own gold copies of Google’s precious trove – kept to compare against others’ copies, so omissions and changes can be detected and appropriately challenged, not leaving Google with the sole burden of holding off government speech regulation.

Second, we need to reinvigorate the Internet’s principle of open, distributed architecture that has sparked so much growth and innovation.  Our choices for security aren’t simply among government soldiers, corporate mercenaries, or our own personal barricades – though each has a valuable role to play.  Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity.  With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.  Security shouldn’t have to be purchased like a personal bodyguard.  Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.

A version of this appeared in the Financial Times on June 3rd, 2010.

The details: I found myself in the hospital last Thursday thanks to unexplained fevers that spiked at night and were gone by day.  After a bunch of tests my unfailingly conscientious doctor recommended (well, insisted) I get to the hospital for yet more.  By Friday morning I was apparently a very interesting case — offering symptoms that were both general enough (just the fevers) and worrisome enough (a couple numbers very off on some blood tests) that no one could figure out what was going on (put in medicalese that I’m rapidly learning enough of to be dangerous, there was a large “differential diagnosis”) — and yet there was some sense of urgency, especially if what I had was an infection that could go systemic.

Friday afternoon resulted in a procedure that looked to be moderately serious (both it and what kind of infection they were expecting to find), and by Saturday morning people were even more puzzled: there was no infection yet found, but the fevers remained.  (In the meantime, none of the immediate risks from the procedure materialized.)  A friend started a blog to keep friends and family updated, under a light password, and then a colleague had the inspired idea of asking a medical blog to put out a gentle call to its audience — primarily doctors — to help in the diagnosis given what a tough nut it was to crack.  I mean — I do believe that many eyes make all bugs shallow, and the truly fantastic team of doctors here was OK with a blog being kept.  (The case has involved, from what I can tell, multiple specialties from across the hospital and beyond, and every single doctor I’ve encountered, including the hospitalist who manages the case, has been fearsomely smart and intensely engaged.)

The password went away, and initials were used for me — we didn’t use my name because it wasn’t important who I was, and there was no reason to make a few days’ blogging of health issues googleable with my name as a search term forever!  (I know, here I am blogging, but …)

Sunday morning Lessig tweeted that JZ was ill and why was a mystery — all true.  The blog produced some amazingly helpful comments from people and doctors at large, including references to two discrete academic journal articles — one from a Korean medical journal from 1994!  Thanks to the Net I had a copy on my PC and then e-faxed to the nurse’s station on my floor in a matter of minutes.  In the meantime, over the course of today (Monday the 15th), additional results have come back to help narrow the diagnosis in a properly documentable and formal way — one that’s converging, it seems, to the obscure Korean article.  To be clear, the terrific doctors here have been methodically arriving at this diagnosis already.

If that is indeed the diagnosis — and more tests are needed to rule out some other long-tail possible causes — the prognosis is good — certainly much better than some of the diagnoses floating around last week!

Fast forward to about an hour ago, when the good folks at BoingBoing echoed Lessig’s call for assistance — drawn from an intermediate source that had already put 2 and 2 together and turned Lessig’s “JZ” into … me, no doubt without even thinking there was any difference.  So then it became: “Jonathan Zittrain is really sick and needs help finding out why!”  I hope you can see from the full context that that’s both true — it’s a transformation of a tweet that was true at the time, though not meant to be bounced to the whole Net, which is why I hadn’t tweeted it myself — and yet also now false/irrelevant: the diagnostic phase is drawing to a close, and the kind of out-of-the-box brainstorming we’d hoped to draw from targeted crowdsourcing had, wonderfully, happened.

There’s been no desire to trumpet to everyone that I’m illin’, nor any need to do something like raise $100,000 for a transplant or find a matching marrow donor through a distributed appeal to the world.

So — I need to practice what I believe and write about in places like The Future of the Internet, Chapter 9, paragraph 91.  : )  (I hate to post something not topical about the Internet on this blog … and those who know me or follow my work know that I don’t tend to put much of my personal life into either my blog or my tweeting.  Honestly, I’ve yet to figure out how to navigate that line.)  Trying to put a cat back in the bag is not easy, and I’m no fan of the memory hole.

That’s why I’m posting this now — BoingBoing has kindly taken down the post (since the call for help was no longer timely, and because I hadn’t previously been identified), and the friends-and-family blog about my daily adventures in the hospital (no complaints at all about the hospital experience, actually!) will end up back behind a password in the obscurity where it belongs.

I’ll try to be responsive to comments if any are left here, and want to close with a heartfelt thanks to those who have helped sort out this truly puzzling situation, and who have shared their good vibes and support.

See you soon at some conference where I’ll try to scare you about the iPhone even as I use one myself,
JZ
aka Jonathan Zittrain

“The deeper Hubble looks into space, the farther back in time it looks, because light takes billions of years to cross the observable universe,” the Space Telescope Science Institute said in a statement released Tuesday.

So that makes sense on one level.  But here’s what I don’t get: the light only took that long to get here if the starting point for it was in fact 13.2 billion light years away.  Since the universe is expanding, if one rewinds time, it shrinks.  Indeed, I thought the Big Bang to mean that at one point the Universe was a singularity, both meaning in a condition for which our laws of physics can’t say anything, and that it was essentially compressed into a single point.

But if it was compressed into a single point — apparently about 5-600 million years further back from the 13.2 billion we’re now seeing — that means that 14 billion years ago everything was, well, extremely close to everything else.  So unless the universe is expanding faster than the speed of light, how could anything be 13.2 billion light years away from us, 13.2 billion years ago?  Maybe something is that far now, but if so its light would only just be starting its journey to us.  The whole light year calculation presumes that something was that far away from us then – a time when the whole universe was much, much smaller in diameter.  Maybe it has something to do with the universe’s expansion as a matter of dark energy, e.g., the fabric of the universe itself expanding, vs. the expansion found as all the galaxies speed away from one another (countered by the actions of gravity)?  Something to do with the “inflationary period” catapulting everything really far away from everything else in one swoop?

I’m sure I’m missing something here.  What is it?

Companies rarely share information about the cyberattacks they experience — conventional wisdom has it that it makes the company appear vulnerable, and drives customers away.  Here Google is open about the attacks, while of course assuring readers that it had tightened security as a result.  Google then links these attacks to a lessening of enthusiasm for doing business in China.  Eliminating censorship in google.cn is only mentioned after that.

Suppose the Chinese government acts as expected and tells Google that it may no longer operate in China.  Google.cn might vanish as a domain name, since it’s hosted under the Chinese country-code TLD of .cn, ultimately controllable by the Chinese government.  But the search engine found there could of course keep operating from a different location, like cn.google.com.  Suppose then that China attempts to filter out traffic to and from that new location — and to and from google.com for good measure, as it has done from time to time, especially before the advent of google.cn and its agreement to censor.  (We’ll be watching for such moves at herdict.org, a site where users can report Web blockages.)

What next?  My hope, and expectation, is that Google engineers who might have been a bit halfhearted about implementing censorship mandates in google.cn could be full-throttle in coming up with ways for Google to be viewed despite any network interruptions between site and user.  There are lots of unexplored options here.  They’re unexplored not because they’re infeasible, but because most sites would rather not provoke a government that filters.  So they don’t undertake to get information out in ways that might evade blockages.  Here, Google would have nothing more to lose, so could pioneer some new approaches.  Circumvention of filtering (or other blockages, for that matter) tends to happen on the user side of things, seeking out proxies like the Tor network, or anonymizer.com.

To be sure, many of the larger benefits of operating in China originally cited by Google four years ago — exposing the citizenry to services beyond those locally grown and monitored; engaging them beyond the “China Wide Web” to which some government officials aspire to limit them; and gaining market share that can create momentum and support for later loosening of restrictions — may attenuate.  Google.cn is less known and used than, say, the local Baidu search engine, which boasts about 60% market share.  That share is about to get even bigger.

But drawing a line is both the right move and a brilliant one.  It helps realign Google’s business with its ethos, and masterfully recasts the firm in a place it will feel more comfortable: supporting the free and open dissemination of information rather than metering it out according to undesirable (and capricious) government standards.

That’s it.  Its presence on a poster advertising the OpenNet Initiative’s academic book Access Controlled was enough to deem it prohibited by UN security forces at the Internet Governance Forum, who are shown in these videos removing the poster from the room over the objections of OpenNet colleagues Ron Deibert and Rafal Rohozinski.  Computerworld has a writeup here.

As Ron says: “If we cannot discuss topics about Internet censorship and surveillance policy at a forum about Internet governance then what is the point of something like the IGF?”

There are a few definitions out there – not surprising, since “cloud” is a metaphor that could work for several phenomena.  One, known in Internet engineering circles, refers to the “middle” of the Internet – that place amidst the hops data can take from sender to receiver that is remote from both of them. A second definition thinks of cloud as “swarm” – so distributed computing or data storage, where lots of computers might host a bit of code (think SETI@home and Harvard’s IIC) or data (think Tribler). (Interestingly, this is the opposite of the first definition: it contemplates everything but the middle.)

A third definition, more in use in discussions of the cloud today, speaks to an asymmetry between sender and receiver: one is a client – the “user” of a service – and the other is the service itself.  Examples are you and your gmail (your mail is stored in “the cloud,” in that case at Google); an online Flash game at sites like FlashArcade; and Microsoft’s “Office Live,” where your documents and spreadsheets are both stored and used online with Microsoft.  The latter is sometimes called software-as-a-service (awkwardly, “SaaS”), denoting that the code for it is running in a central place – where a vendor can shape and update it at any moment – rather than on your own PC or other device.

This idea of cloud computing is increasingly prominent because it’s finally attainable. For many people Internet access is ubiquitous and continuous. With Net access a constant – often achieved through smartphones, where an absence of a wi-fi signal need not mean no access, since the cellular network can still be used – there’s less of a need to have a PC or other device be self-sufficient.  Data and code can be accessed and run far away, with the user barely noticing the difference, and there are lots of pluses to doing things this way, even as I’ve made the case that this shift carries risks that should be dealt with.

But there’s another factor at work that pushes outward the definition of “cloud computing.” It arises from the adoption of what I call “tethered appliances.” These are devices where the code and data may well remain near the user, so they do not at first glance fit into any of the definitions of the cloud. Think Amazon Kindles, where your books can be kept on the device (and thus accessed on an airplane without Net access); iPhones, where you download “apps” to run on your phone; and TiVos, where your recorded shows are stored on a hard drive inside the box.

But in a key respect – that of your freedom to control your code and data – these devices act like cloud services.  That’s because the vendors have privilege to say how they will operate long after you’ve brought the devices home, updating the way the devices work, and their contents, over the Internet or a cellular network. Sometimes that control is total. For example, no outside code is permitted on a Kindle or TiVo.  Sometimes it is partial: Apple allows outsiders to code for the iPhone, but code must be vetted by Apple and distributed exclusively through the iPhone apps store.  For all of these devices, it’s more like allowing Amazon and TiVo and Apple to set up a beachhead in your home (or pocket), a little server of their own that’s a cloud service that happens to be near you:

[W]e need to rethink our vision of the network itself. “Middle” and “endpoint” are no longer subtle enough to capture the important emerging features of the Internet/PC landscape. It remains correct that, from a network standpoint, protocol designs and the ISPs that implement them are the “middle” of the network, as distinct from PCs that are “endpoints.” But the true import of this vernacular of “middle” and “endpoint” for policy purposes has lost its usefulness in a climate in which computing environments are becoming services, either because individuals no longer have the power to exercise meaningful control over their PC endpoints, or because their computing activities are hosted elsewhere on the network, thanks to “Web services.” By ceding decision-making control to government, to a Web 2.0 service, to a corporate authority such as an OS maker, or to a handful of security vendors, individuals permit their PCs to be driven by an entity in the middle of the network, causing their identities as endpoints to diminish. The resulting picture is one in which there is no longer such a clean separation between “middle” and “endpoint.” In some places, the labels have begun to reverse.

So when I say I’m troubled about the cloud, it’s a shorthand for being troubled about consigning some of our longstanding technological freedoms to others. They can affect (for their own reasons or by government order) our digital environment in real time. This is comparatively new in the public’s experience of technology, even as we’ve seen forms of cloud computing within firms for years – places where we might naturally not care as much about personal freedom, since the computers (and most of the activity taking place on them) belong to the company. I don’t begrudge operators of cloud-based services from rejecting this expansion of the definition. For their purposes, it can make sense to distinguish between stuff stored at home and far away, whether or not a home device is controlled remotely by a vendor. But for the areas many of us should be caring and thinking about, a tethered appliance is tantamount to being in the cloud, and the sea change this represents has to be dealt with, especially since it’s appealing for so many other reasons – such as security and convenience.

Lost in the Cloud

Cambridge, Mass.

EARLIER this month Google announced a new operating system called Chrome. It’s meant to transform personal computers and handheld devices into single-purpose windows to the Web. This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online — also known as in “the cloud” — using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it’s not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others — through Facebook, MySpace or Twitter — having it all online can make a lot of sense.

The cloud, however, comes with real dangers.

Some are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher’s change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell’s “1984” found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)

Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.

Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.

The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases. It and other authoritarian regimes routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes.

With a little effort and political will, we could solve these problems. Companies could be required under fair practices law to allow your data to be released back to you with just a click so that you can erase your digital footprints or simply take your business (and data) elsewhere. They could also be held to the promises they make about content sold through the cloud: If they sell you an e-book, they can’t take it back or make it less functional later. To increase security, companies that keep their data in the cloud could adopt safer Internet communications and password practices, including the use of biometrics like fingerprints to validate identity.

And some governments can be persuaded — or perhaps required by their independent judiciaries — to treat data entrusted to the cloud with the same level of privacy protection as data held personally. The Supreme Court declared in 1961 that a police search of a rented house for a whiskey still was a violation of the Fourth Amendment privacy rights of the tenant, even though the landlord had given permission for the search. Information stored in the cloud deserves similar safeguards.

But the most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. Microsoft might want you to run Word and Internet Explorer, but those had better be good products or you’ll switch with a few mouse clicks to OpenOffice orFirefox.

Promoting competition is only the tip of the iceberg — there are also the thousands of applications so novel that they don’t yet compete with anything. These tend to be produced by tinkerers and hackers. Instant messaging, peer-to-peer file sharing and the Web itself all exist thanks to people out in left field, often writing for fun rather than money, who are able to tempt the rest of us to try out what they’ve done.

This freedom is at risk in the cloud, where the vendor of a platform has much more control over whether and how to let others write new software. Facebook allows outsiders to add functionality to the site but reserves the right to change that policy at any time, to charge a fee for applications, or to de-emphasize or eliminate apps that court controversy or that they simply don’t like. The iPhone’s outside apps act much more as if they’re in the cloud than on your phone: Apple can decide who gets to write code for your phone and which of those offerings will be allowed to run. The company has used this power in ways that Bill Gates never dreamed of when he was the king of Windows: Apple is reported to have censored e-book apps that contain controversial content, eliminated games with political overtones, and blocked uses for the phone that compete with the company’s products.

The market is churning through these issues. Amazon is offering a generic cloud-computing infrastructure so anyone can set up new software on a new Web site without gatekeeping by the likes of Facebook. Google’s Android platform is being used in a new generation of mobile phones with fewer restrictions on outside code. But the dynamics here are complicated. When we vest our activities and identities in one place in the cloud, it takes a lot of dissatisfaction for us to move. And many software developers who once would have been writing whatever they wanted for PCs are simply developing less adventurous, less subversive, less game-changing code under the watchful eyes of Facebook and Apple.

If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from competing, mighty incumbents.

We’ve only just begun to measure this problem, even as we fly directly into the cloud. That’s not a reason to turn around. But we must make sure the cloud does not hinder the creation of revolutionary software that, like the Web itself, can seem esoteric at first but utterly necessary later.

Jonathan Zittrain, a law professor at Harvard, is the author of “The Future of the Internet — And How to Stop It.”

The Kindle edition books Animal Farm by George Orwell. Published by MobileReference (mobi) & Nineteen Eighty-Four (1984) by George Orwell. Published by MobileReference (mobi) were removed from the Kindle store and are no longer available for purchase. When this occured, your purchases were automatically refunded. You can still locate the books in the Kindle store, but each has a status of not yet available. Although a rarity, publishers can decide to pull their content from the Kindle store.

Another fascinating aspect of the Cloud: everything is rented rather than owned, and can be taken away with only a refund to show for it.  I worry about this phenomenon here and here in my book — I just didn’t have any good examples at the time of writing. My concern isn’t just about publishers having second thoughts about their material.  It’s the tool handed to regulators: someone could allege defamation for a passage in a book and a court, aside from awarding damages, could order Amazon to excise the offending passage retroactively.  Same for politically sensitive speech:

Imagine a world in which all copies of once-censored books like Candide, The Call of the Wild, and Ulysses had been permanently destroyed at the time of the censoring and could not be studied or enjoyed after subsequent decision-makers lifted the ban. In a world of tethered appliances, the primary backstop against perfectly enforced mistakes would have to come from the fact that there would be different views about what to ban found among multiple sovereigns—so a particular piece of samizdat might live on in one jurisdiction even as it was made difficult to find in another.

It looks like the particular complaint here is that the book was eliminated from the online “archive” that Amazon maintains for one’s Kindle purchases; I can’t tell if copies stored on Kindles themselves were actually deleted over Amazon’s direct-to-Kindle wireless network, but at least one user reports that Kindle copies are killed too. The version removed is by a publisher called MobileReference (appearing to specialize in public domain works) and sold for $.99; another version from Houghton-Mifflin for $9.99 is still available. One possibility is that the work is in public domain in some places but not others — making it trickier to sell through the Kindle store, though the store does have some sense of a customer’s location. But even if Amazon were mistakenly selling the book without clearing rights — it’s a new feature of a cloud-based e-book vs. a regular book that “mistakes” can be wiped clean with the touch of a button. For more thoughts on that, see the curious case of TiVo v. EchoStar.

And seriously — to put 1984 down the memory hole is just too … ironic?  Or is it fitting?

Update 18 July 2009: Amazon has issued the following statement describing the situation as arising from a copyright issue.  Of course, paper books could not be similarly recalled — bug or feature?

Hi Jonathan,

These books were added to our catalog using our self-service platform by a third-party who did not have the rights to the books.  When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers’ devices, and refunded customers.  We are changing our systems so that in the future we will not remove books from customers’ devices in these circumstances.

Thx,
Drew

Drew Herdener
Director of Communications

Update 24 July 2009: Jeff Bezos has posted an apology:

This is an apology for the way we previously handled illegally sold copies of 1984 and other novels on Kindle. Our “solution” to the problem was stupid, thoughtless, and painfully out of line with our principles. It is wholly self-inflicted, and we deserve the criticism we’ve received. We will use the scar tissue from this painful mistake to help make better decisions going forward, ones that match our mission.

With deep apology to our customers,

Jeff Bezos
Founder & CEO
Amazon.com

It’s hard to ask for more than that — I’m eager to see the ways in which Amazon can structure the Kindle so that not only Amazon, but those who might try to regulate Amazon, have limits to what they can do.