In 2008, The Future of the Internet called attention to a “sea change” in the way consumer devices interact with the Internet. “The future is not one of generative PCs attached to a generative network,” the book warns; “it is instead one of sterile appliances tethered to a network of control.” In response to the security threats posed by malicious third-party code, increasing numbers of users will likely gravitate towards gadgets “tethered” by continuous communication between product and vendor. And this proliferation of tethered computing—the “appliancization” of PCs—will deal a serious blow to the principles of generativity and free expression that drove the early Internet.

Since the publication of The Future of the Internet, the ethos of strict appliancization has taken a new turn. In 2011, Professor Zittrain wrote an update on the book’s message: “at the time of the book’s drafting, the alternatives seemed stark: the “sterile” iPhone that ran only Apple’s software on the one hand, and the chaotic PC that ran anything ending in .exe on the other. The iPhone’s openness to outside code beginning in ’08 changed all that. It became what I call “contingently generative” — it runs outside code after approval (and then until it doesn’t).” This trend towards contingently generative models continues into the present day, and represents a shift similar in many respects to the one The Future of the Internet predicted.

Jon Brodkin and Peter Bright’s Ars Technica op-ed on the Microsoft Metro app store offers some valuable commentary on a big development in this “sea change.” The article recognizes that “Microsoft is imitating Apple in one very bad way, by limiting the distribution of Metro applications to a Microsoft-controlled app store… by bringing Windows to tablets, Microsoft could strike a blow for openness in a market dominated by a closed system. Instead, Microsoft is bringing the same restrictions found on iPads to both Windows tablets and PCs.” As forecasted by The Future of the Internet, devices that only run approved code are gaining popularity. Metro, the curated user interface that has found its way onto Microsoft’s tablets and PCs (in the case of the PCs, alongside a fully-functional desktop mode capable of side-loading non-Windows Store applications), won’t run applications from outside the Windows Store. Moreover, the apps available through the Store are subject to a bevy of restrictions on content. With these restrictions on installable applications come the restrictions on generativity that The Future of the Internet anticipated: “lock down the device, and network censorship and control can be extraordinarily reinforced.” And, as the Ars Technica piece observes, the Windows Store’s rules would exclude critically-acclaimed content like the video game Elder Scrolls: Skyrim, simply for its PEGI 18/ESRB M rating. It isn’t hard to extrapolate, as Brodkin and Bright do, that these rules could give rise to debacles similar to Apple’s (repealed) ban of a satire app developed by a Pulitzer Prize winner.

Though the Windows Store’s restrictions resemble Apple’s policies in many ways, there is a crucial difference: Metro-running Windows 8 products are designed as PC replacements, rather than sui generis devices like the iPad. And since Windows desktops have long been preferred gaming platforms, the theoretical exclusion of content like Skyrim from the Windows Store makes Windows 8’s emphasis on the Metro interface particularly jarring.

With Metro, Microsoft has made a decisive move towards contingent generativity. Brodkin and Bright note that “there are security benefits to a closed app store model, particularly for less tech-savvy users who may not understand all the dangers on the Web. There are also, arguably, convenience benefits; end-users can be reasonably confident that the apps they download will work correctly and be at least marginally useful…But while these security and convenience benefits might be enough to justify the existence of a curated app store, they don’t justify the decision to make that store the only option for all users. Informed users should be allowed to install applications from wherever they want.” Brodkin and Bright prefer a system like Gatekeeper, a fixture in newer versions of Apple’s OS X, from Mountain Lion forward. Gatekeeper gives users the choice to restrict their operating system to App Store apps and outside apps that have been signed with Apple-issued Developer IDs, or open up the device to all programs, whether or not they’ve been vetted by Apple. The “Future of the Internet” Blog is fairly enthusiastic about Gatekeeper: about a year ago, a post here suggested that “the middle ground of allowing non-App Store signed code may represent the best of both worlds.” But we were quick to warn that Gatekeeper strikes a tenuous balance: “one small tweak — lose that Control-click for sideloading — and OS X could fully merge with iOS, both in functionality and in security methods.” Metro’s riff on content control could be just that sort of tweak—especially given recent speculation that Microsoft may dump desktop mode in Windows 9, leaving only Metro.

Moreover, a contingently generative business model like the Windows Store’s carries some ethical implications that, while not damning, are certainly worth examining. Distribution systems like the Windows Store, Apple’s App Store, and the Android Market receive 30% of the sales revenue from applications sold in their stores (in the Windows Store, this cut drops to 20% after an app reaches $25,000 USD in revenue). Further restrictions on side-loading in new operating systems would drive a great deal of business towards big companies’ proprietary marketplaces—and with that traffic would come big payouts. With the uptick in store traffic that tighter gatekeeping would engender, it’s easy to imagine the equilibrium of Mac’s OS X Gatekeeper being forsaken for more restrictive, and more lucrative, operating systems. To analogize, a la The Future of the Internet: when the company that makes your computer requires you to install programs through their official store, it isn’t so different from the company that makes your toaster forcing you to buy from their bakery—and taking a cut out of every bread purchase you make.

Even though Windows 8 PC users can still make use of a fully-functioning desktop operating system, Microsoft’s failure to include a side-loading option for the heavily-emphasized Metro interface—particularly in devices marketed as PC replacements—is a step in the wrong direction. It’s also an indication that the seas are changing in the way The Future of the Internet predicted. Given that Android’s more open approach to outside applications[1] still leaves the Android Market increasingly economically viable, Ars Technica is right to voice its disappointment in xenophobic operating systems like iOS and Metro.

I’m seeking a full-time one-year rock star research associate to engage with a variety of projects and classes, with a broad opportunity to immerse in cyberlaw and Internet topics.   Blurb below, with more information on how to apply at <http://cyber.law.harvard.edu/getinvolved/jzra>.  …JZ

–

Professor Jonathan Zittrain of Harvard Law School, the Harvard Kennedy School of Government, the Harvard School of Engineering and Applied Sciences, and the Berkman Center for Internet & Society, seeks a full-time research associate in Cambridge, MA for a period of one year, beginning no sooner than June 1, 2013.

This position requires the ability to absorb large amounts of written and other media materials from various sources (including but not restricted to: original sources, scholarly articles, news articles/blogs, interviews, databases) in a short amount of time, critically analyze that material and render it forward. This could take the form of prep materials for panels, conferences and presentations; article outlines; fact checking materials; original article or paper drafts; slide decks or other digested forms. The research assistant should be prepared to help prepare materials for class sessions and syllabi, lead discussions and work with project managers to accomplish research-related goals.

Research is often self-directed with little outside guidance beyond broad outlines and themes (though occasional targeted research assignment for a specific fact or image can be expected, and feedback is provided), so the ability to quickly critically appraise sources and identify interesting, relevant and original paths is essential. Wide-ranging interests and the ability to work on almost any issue or topic that arises is a plus, as is an ability to ramp up quickly on unfamiliar fields or topic areas. Excellent writing and editorial skills with an attention to detail are also required.

This job is an ideal opportunity for those interested in future graduate school or law school studies, whether currently admitted or still applying to such programs.

Over the course of the year, a motivated individual will sharpen and focus his or her research agenda and make valuable contributions (in his or her own name) to the field of cyberlaw and beyond, while being exposed to interesting thinkers in academia, industry, and government. A research associate in this position will work very closely with Professor Jonathan Zittrain and his team, assisting in a variety of research areas, e.g. ubiquitous human computing, mesh networking, and cybersecurity, as well as on topics around access to knowledge and open scholarly publishing under the auspices of the Harvard Law School Library.

The position will not start before June 1, 2013.  As with all Berkman staff positions, this is a term position, ending June 30, 2014.

I just published a short piece in the F-T in the wake of legal threats against users who tweeted or retweeted a link to a BBC report of child abuse that turned out to be wrong.  Here’s the full text –

Those who didn’t see the false child abuse accusations against Lord Alistair McAlpine on an ill-considered BBC documentary may have instead heard about them through social media. This week, London’s Metropolitan Police suggested they might file charges against those Twitter users who sullied the reputation of the retired Conservative politician by knowingly repeating the lie that he was a child abuser. But the police may be less fearsome to the average BBC-linking tweeter than Lord McAlpine himself.

His attorneys say they have identified 1,000 original libellous tweets and 9,000 more retweets. Under the UK’s plaintiff-friendly libel law, the conventional wisdom holds that even a simple retweet  which simply echoes others’ content could be actionable, whether or not the user thought it to be false. In addition to a £185,000 settlement with the BBC, Lord McAlpine’s lawyers are inviting implicated tweeters with fewer than 500 followers to make a donation to charity, and those with more followers to agree to bespoke settlements. Such invitations are declined at one’s peril — at least for those who live in the UK or any other place with an agreement to enforce UK civil judgments.

Such a broad-based attack on individuals is unwise and uncalled for, even as the injury that inspires it is mortifying. The problem is that what appears to be a trivial, momentary action — retweeting something of interest — can now create or magnify a falsehood as powerfully as if it had aired on national television. If a television station can be held responsible for what it broadcasts, why not the individuals whose collective megaphone rivals that of the BBC?

The answer is that television stations can and should have fact checking and legal departments as part of the cost of responsible business. Individuals cannot be held to a similar practice, and a series of uneven threats that stills the speech of only the most lawyer-sensitive will unduly undermine the huge value of a service such as Twitter. There may be call to go after the most egregious malicious actors — those who intentionally seek to sow untrue and damaging information about a specific person — but the very identification of 10,000 uncoordinated tweets and retweets suggests something other than bad faith by all. Traditional media can remain vibrant precisely by upholding a higher standard and helping social media to sift truth from falsehood.

Nor would charging Twitter itself with the broadcaster or newspaper editor’s policing function help. Trying to force Twitter to prescreen material would likely result in the service simply refusing to display any tweets to users located in the UK. Expecting it to monitor all tweets to block a tiny proportion of bad ones is unrealistic. As US Justice Felix Frankfurter warned in 1956, striking down a Michigan law that forbade bookstores from selling immoral books, we should not burn the house to roast the pig.

It is dicey enough to attempt automated processes to take down identical copies of copyrighted music and movies on services like YouTube, where robots scan 100 years of video every day looking for alleged infringements. To seek to pressure intermediaries to judge the murkier areas of truth and falsehood, and then squelch tweets as they emerge, would require a level of intrusion that even China has not managed. Italy found out as much when, in 2010, prosecutors obtained a criminal conviction against top Google executives for allowing someone to upload a YouTube video depicting the bullying of an autistic boy. The video was a needle in the haystack that comprises 72 hours of footage uploaded every minute, and the convictions for not finding and dealing with it quickly enough satisfied no one with an interest in the dispute. Google had removed the video within two hours of being alerted to it by authorities, and the verdict remains under appeal.

There are ways to improve the status quo. Microblogging will look different 10 years from now. Services such as Twitter can, and will, hone ways for people not only to retract what they have said, but to relay a follow-up message through all those who repeated it. Those who willfully initiate a devastating lie can often be identified and shamed, and those who unwittingly repeat it can, if the technology makes it simple to do, assist in undoing its damage.

Lord McAlpine’s situation bears some resemblance to the unhappy 2005 discovery by RFK press aide John Siegenthaler that his Wikipedia entry had billed him, absurdly, as a conspirator in RFK’s assassination. Mr Siegenthaler lamented the site’s fact-checking and toyed with litigation against the initially-anonymous editor who created his entry.

The editor, who was eventually unmasked, apologised and resigned from his day job. Mr Siegenthaler urged the employer to show mercy. Meanwhile, Wikipedia tightened its rules and practices for the creation and editing of new articles, especially biographies of living persons, and over time it has tweaked its software to be able to undo many instances of vandalism with only one click. Wikipedia has chosen to do so despite enjoying broad immunity under US law for what happened.

Technologies that greatly empower people to communicate with one another are transformative enough to cause injury. Their sharp edges can best be sanded by enlisting people of good faith to help correct the wrongs they may have inadvertently amplified. We should rarely invoke  litigation or prosecution, which can chill legitimate speech and cantonise the internet, as material will be withheld selectively from regulation-heavy jurisdictions.

The internet can help us to understand and own the ethical dimensions of what we do online, and to make morally informed, rather than legally compelled, choices about the information we absorb and refract onward.

Update – 10/17/2012: The parties involved in the lawsuit – Speak for Yourself and SCS/PRC reached a settlement, allowing the app to remain in the Android and iOS app stores. More at the Nieder family blog.

Original Post:

Generativity hasn’t had a poster child — until now.

Meet Maya, a four-year-old child who could lose her ability to speak with the elimination of an app from the iOS App Store.

As detailed in the Nieder family’s original blog post on the subject, Maya uses Speak for Yourself (SfY), an iPad app that serves as an “augmentative and alternative communication” (AAC) device. Before finding SfY, Maya had tried multiple AAC devices, but hadn’t found one that worked for her.

In March, Speak for Yourself, LLC was sued by two companies, Semantic Compaction Systems (SCS) and Prentke Romich Company (PRC). Both produce AAC hardware — but not apps — and filed suit against SfY for alleged infringement upon their patents. Maya’s mother Dana has posted coverage of the lawsuit on her blog, Uncommon Sense. The lawsuit against SfY is ongoing, with a trial scheduled to begin soon.

The patent lawsuit has nothing to do with the app ecosystem on its own terms — Apple is not a party.  However, SfY was pulled from the iOS App Store on June 4th by Apple at the request of SCS/PRC. SfY has asked the court to tell SCS to tell Apple (!) to put the software back. The motion for SfY describes the process that it went through with Apple after the initial challenge was lodged.  SfY says that it was required to send Apple proof that the app did not infringe, after lawyers for SCS/PRC submitted a copy of the patent complaint.

Apple is not in a position of expertise or authority to evaluate these types of patent claims, though it is no stranger to patent litigation itself.  So why did Apple pull the app, especially in a circumstance in which it would be provoking the public’s ire by — you can see the blog entries write themselves — potentially taking away a little girl’s voice?

One answer may be fear of being drawn into the litigation — in particular, being found liable for secondary patent infringement.  A recent Supreme Court case, Global-Tech Appliances, inc. v. SEB S.A., held that once a distributor has actual knowledge of a patent — in this case, one covering a deep fryer that the distributor was selling — it can be liable for “induced infringement.” After SCS/PRC complained to Apple, Apple might be said to have actual knowledge of the patent at issue. Thus, if the app were found to infringe and Apple did not remove it from its store, Apple could be liable for inducement, a problem that a prior generation of technology platform makers never had to contend with.  No one thought Microsoft responsible for every piece of software written for Windows — even software that was the subject of intense legal fighting, such as Napster and Grokster.

Apple’s action, which we’re inferring was based on sound or at least typically risk-averse legal strategy, puts it a very strange position. On the one hand, it is defending app developers from patent trolls like Lodsys, and on the other, it has to pull apps before a court can even rule on whether they infringe on a patent.  Perhaps patents need a DMCA-style notice and takedown regime, where app developers would have the right to contest the patent claims and have their application stay in the store.  At the very least, there should be clarification of the boundaries of secondary patent infringement in these circumstances — apps aren’t deep fryers, and to treat them as such risks changing the status quo, not maintaining it.  Today it’s not possible to dispossess all deep fryer owners of their cookware, even if it were found infringing.

It’s a sad reality of walled gardens like the iOS app store that developers are entirely dependent on one company for distribution, and have little recourse in cases like this one, even where the walled garden’s owner may not even be happy with the outcome. Apple has the power to determine what apps are in the iOS app store, and by tying itself to one distribution platform, SfY has ensured that it can’t function without permission from Apple. Yet it can’t reach typical iPhone and iPad owners without using the platform.

This is hardly the first case of a single platform distribution model suddenly whipsawing a developer — and its customers. For example, in 2010, Facebook banned applications from a company called LOLapps, including its game Critter Island. Critter Island’s active monthly users went from 13 million to zero over the course of a day.

SfY isn’t the only party affected by Apple’s legal caution. As her family points out, although Maya still has the application on her iPad, and can still use it for the time being, any update to the iOS environment (like iOS 6) could break SfY, rendering Maya incapable of speaking again. Without access to the App Store, the SfY development team cannot push out updates or fix bugs. The SfY application is an orphan, unable to phone home. Various commenters have mentioned that Maya’s parents can disconnect the iPad from the Internet, keeping it in airplane mode forever to prevent the OS from being updated, or jailbreak the iPad and hope the application keeps running. These are self-evidently awful solutions — so much so as to count more as kludges.

Moreover, nothing prevents SCS/PRC from asking Apple to remove all copies of the SfY app from iOS devices, just like Amazon did with Kindle copies of 1984. Maya’s copy might be safe only if her parents have taken one of the actions mentioned above. But the SfY application isn’t just used by Maya, and there may be other people with special needs who currently rely on it and have no idea about the patent infringement case.

Apple has never publicly admitted to retroactively yanking applications from individual devices, but that may not matter. Apple has the ability to do so, and in the past, courts in cases such as TiVo vs. Echostar (discussed at length in Chapter 5 of Future of the Internet) have required companies to modify their existing, tethered products to remove infringing functionality. Echostar did modify the code of its existing devices in an attempt to avoid patent infringement, but not sufficiently in the eyes of the court. In the end, Echostar was ordered to license TiVo’s patent — a possible outcome here. An injunction from the court, if SfY is found infringing, could force Apple to pull the application from existing devices. Maya and other SfY users could become victims of perfect enforcement.

Speak for Yourself is a vivid example of how the move from product to service in software — “tethering” — and the resulting prospects for perfect enforcement can combine to create a circumstance where Apple may be legally required or strongly incented to pull an incredibly useful application from its devices, thus removing it from use by the people who need it in a way that a prior generation of devices could not possibly have been disabled.

The remedy for patent infringement should lie in damages against the manufacturer or a court order reflecting a considered judicial act, rather than a simple risk aversion by a private party with no dog in the fight. Now that Apple has shown that a nasty note on legal letterhead  is enough to get an app pulled, app developers simply may not even try to fight a long patent war.  And here, the deprivation of the app is a deprivation of a child’s speech.  We’ve gone out of the frying pan and into the deep fryer.

–by Kendra Albert, Nick Fazzio, and Jonathan Zittrain

When you see the headline “Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game,” does it cause you to think that there is actually some connnection between the recently discovered malware Flame and Angry Birds? That would be entirely reasonable, but wrong. Here’s what the article says:

The most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News — the same one used to make the incredibly popular Angry Birds game.

LUA is favored by game programmers because it’s easy to use and easy to embed.  Flame is described as enormously powerful and large, containing some 250,000 lines of code, making it far larger than other such cyberweapons. Yet it was built with gamer code, said Cedric Leighton, a retired Air Force Intelligence officer who now consults in the national security arena.

This headline writing isn’t just from Fox. The Washington Post picked up the article with “Flame cyberweapon written using gamer code, report says.” Both of these articles are pretty light on any substance about the malware, and Fox News even calls it to a “cyberbomb,” which is strange, given that its primary purpose seems to be surveillance. (See Corbis image of ominous hands on Macbook keyboard.)

To be fair, much of the information about Flame is technical, hard to parse, and very little of it is accessible to the average Fox news or Washington Post reader. A comparison to Angry Birds may make an abstract concept like a programming language more clear, and Cedric Leighton’s comments are clearly meant to contrast Flame with other malware, very little of which is written in Lua. Certain functions may be easier to perform in Lua than in other languages, making it good for writing mobile games (or viruses).   However, there’s nothing particularly notable about its commonality between Flame and Angry Birds.

When one sees the phrase “built with gamer code”, one might assumes that there is actually lines of code in common between the game and Flame. In this case, it merely means the same language. The equivalent would be, “Unabomber manifesto tied to tech news headlines.” After all, they’re both written in English.

-Kendra Albert

In 2009, Amazon staff panicked when they came to believe that they’d allowed copies of George Orwell’s classic 1984 to be sold through the Kindle store without properly clearing copyright permissions.  They reacted by eliminating copies of 1984 not only from the Kindle Store, but from the Kindles of individual purchasers.  Those reading the text suddenly found it gone from their Kindles, along with any highlights or annotations they’d made. In place of the text Amazon refunded the $.99 purchase price.  Outrage (and noting of irony) ensued, and Amazon promised to never to pull books again.

Today another incident casts into relief the contingent nature of electronic books — how readily they are not only deleted or censored, but altered.  A company called Superior Formatting Publishing offers a $.99 version of the now-public-domain War and Peace through Barnes and Noble’s Nook store — the lowest price version to be found there. When a blogger named Philip of the Ocracoke Island Journal read his copy, he noticed something quite odd:

“As I was reading, I came across this sentence: ‘It was as if a light had been Nookd in a carved and painted lantern….’ Thinking this was simply a glitch in the software, I ignored the intrusive word and continued reading. Some pages later I encountered the rogue word again. With my third encounter I decided to retrieve my hard cover book and find the original (well, the translated) text.

For the sentence above I discovered this genuine translation: ‘It was as if a light had been kindled in a carved and painted lantern….’ “

The Nook version of War and Peace had changed every instance of “kindle” or “kindled” into “Nook” and “Nookd,” not just on Philip’s copy, but on ours too.

The Superior Formatting Publishing version isn’t a Barnes and Noble book, so this isn’t the work of a rogue Nook marketer from B&N.  Rather, it’s likely that Superior Formatting Publishing ported its Kindle version of War and Peace over to the Nook — doing a search and replace to make sure that any Kindle references they’d inserted, such as in the advertising at the end of the book about their fine Kindle products, were simply changed to Nook.

The unwitting hilarity of a publisher doing a “find and replace” and accidentally changing the text of a canonical work of Western thought is alarming. Many versions of e-books are from similar outfits, that distribute public domain works formatted for Kindle or Nook at the lowest possible prices. The great democratizing factor of the ebook formats – that anyone can easily distribute – can also mean that readers can never be quite sure that they are viewing the texts as the author intended.

Hat tip to Hacker News for the find.

–Kendra Albert and JZ

Last week, a number of developers reported that Apple was rejecting iOS applications that used Dropbox, a popular cloud file storage and backup system. An initial thread on the Dropbox developers’ forum has led to a outpouring of tech news full of hyperbolic claims. However, none of this reporting has covered the real problem – Apple is now more concerned about protecting its business model than serving its users or its developers. 

Dropbox integration is an easy way to allow users to sync files between their iPhones or iPads and other devices. For example, an email application could allow users to attach files from their dropbox, rather than limiting them to files on their phone. Dropbox’s basic accounts are free, but users can upgrade to more storage by paying a monthly fee.

As we’ve mentioned before, Apple requires a 30% cut of all in-app transactions and subscriptions. This is one of the reasons organizations like the Financial Times switched to Safari-based web apps rather than making official applications that go through the App Store. Since Apple stands to benefit from in-app purchases, the store doesn’t permit workarounds such as opening up Safari to allow users to make an out-of-app purchase. Here’s the relevant portion of the App Store Review Guidelines:

11.13  Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a “buy” button that goes to a web site to purchase a digital book, will be rejected.

Developers claim that Apple has cracked down on what constitutes an external mechanism for purchasing. Goran Peuc, the maker of popular application CamBox, posted a conversation with an Apple reviewer through Apple’s Resolution Center where Apple claimed that sending users to the Dropbox website to make an account constituted a violation of this rule.

From Dropbox’s perspective, this is a pretty unexpected triggering of the 11.13 restriction, mostly because of the minimum number of steps required to make an out-of-app purchase here.

1. User does not have Dropbox installed on their iOS device.
2. User is taken to a Safari page with the option to login.
3. User does not have a Dropbox account. Clicks the “desktop version” button or the “create account” button. (see image)
4. From “desktop version” or “create account” button, user can then navigate to a page with paid options for Dropbox as opposed to the default free account.

Going to a Safari page that allowed one to create a Dropbox account was forbidden because it might lead to users upgrading, paying Dropbox (but not Apple) money. It seems pretty clear that Dropbox was not acting maliciously or trying to bypass Apple’s subscription guidelines by including a “create account” link. The developers who use the Dropbox SDK (Software Development Kit) are often not affiliated with Dropbox. Having an in-app purchase of a Dropbox account could result in these developers having access to payment and possibly user information – a significant security risk. Dropbox could also require users download their application to create an account, but that would be even more clunky than a online login.

Dropbox quickly updated its SDK to eliminate the offending links, but the damage had been done – three to four other developers reported similar app rejections.  So far, Apple has confirmed that it was a violation of guideline 11.13 that led to the refusals, but has not yet accepted all of the affected applications. Kerfuffle mostly over, although with the recent launch of Google Drive and Microsoft’s increased push for its SkyDrive, both Dropbox competitors, Apple’s timing couldn’t have been worse. What’s the upshot?

Apple’s enforcement of its App Review Store guidelines has been capricious at best, and many developers agree that it has begun cracking down on practices that previously would not have disqualified an application. A single function call that might lead to a webpage where money could be made is now enough to prevent anyone from seeing an application.

The Dropbox rejections are another reminder that iOS developers are entirely dependent on Apple’s whims to reach users inside its walled garden. App rejections can lead to weeks of fixes and months of lost sales. Furthermore, Apple’s review system is non-transparent, the policies violated aren’t public and enforcement is subject to change. Developers can question reviewer rulings, but all of this takes place out of the public eye– hence Dropbox having no idea that apps using its SDK were being rejected till Peuc posted on the forum.

Although content producing businesses can move outside the Apple ecosystem with web apps, developers who need to use core phone functions are stuck playing the App Store game.  The rhetoric behind the App Store is that the restrictions are for protecting the users and their devices. Unfortunately, now they seem to be used to protect Apple’s business model, at the expense of users and developers.

We at the H2O project are seeking a full-time Project Manager. H2O is an online platform for textbook development and distribution, currently in a pilot stage. H2O is based on the open source model – instead of locking down materials in formalized textbooks, we believe that course books can be free (as in free speech) for everyone to access and, equally important, build upon.

Using H2O, professors can freely pull together materials for a course by selecting cases, editing those cases to the sections that are most relevant, and grouping them into readings. Once the materials are assembled, they can be copied in part or in whole by other interested faculty and then edited further.  H2O has been successfully piloted in JZ’s 1L Torts class, and will be rolling out further over the coming year.

H2O’s project manager will play a leading role in shepherding H2O into its next phase, which will focus on developing new materials and incorporating additional features, in order to expand the platform beyond its law school roots.

H2O is a  joint project of the Berkman Center for Internet & Society and the Harvard Law School library.  The Project Manager will be housed at the HLS Library and work in close collaboration with lead members of the Library Innovation Lab team; he/she will also work closely with the Berkman Center and current H2O teams. More info and job posting here.

I participated in the Berkman Center’s fascinating HyperPublic symposium in the summer of 2011.  When moderating a panel I invoked the aphorism that “When something online is free, you’re not the customer, you’re the product.”  It’s a way of encapsulating the idea that online free services usually make money by extracting lots of data from users — and then selling that data, or using it for targeted availability of those users for advertising, to advertisers.  In that sense, the advertisers are the clients, and the users enjoying free content are what’s being sold.  (Of course, sometimes that happens even when the user pays.)

I didn’t coin the phrase, and since it was featured (and attributed to me!) in wordsmith.org’s wildly popular “word a day” as a thought for the day accompanying the word “enceinte” — I sought to nail down its provenance.

The first use of the quote that we can find is as a comment within the famed MetaFilter community  in August 2010. The user’s name is blue_beetle, who might be someone named Andrew Lewis.  It’s entirely possible I saw it there, as MeFi is one of my five favorite sites on the Web.

Similar sentiments (whether drawn from that source or independently invented) have been expressed by Bruce Schneier in October 2010 and by Douglas Rushkoff in September ’11.

The phrase “you’re the product” also apparently appeared in a 1986 speech by President Reagan about the drug war.

Just say know.

–KA and JZ

This week, Apple announced that it was moving to a new, faster OS X operating system development cycle, starting with the release of Mountain Lion next summer.  It previewed a number of features for the OS, and released some parts in beta.

Mountain Lion is slated to include a feature called Gatekeeper as part of the security and privacy settings. Gatekeeper allows administrators (those with full privileges on a Mac) to limit the applications that can run on the Mac.  They can choose among allowing apps downloaded from the Mac App Store only, or apps from outside the Store so long as they are digitally signed to Apple’s satisfaction by their developers, or apps from anywhere.  (The latter has been the way both Mac and Windows PCs have worked, for better or worse, since the introduction of the Apple II in 1977.)

We here at Future of the Internet will refrain from saying “I told you so” about the prospect of Macs only running applications from the Mac App Store.  Instead, we will note that there are benefits for enterprise Mac fleet managers to limit apps to the App Store only.  Most users on others’ (such as employers’) machines may not even miss the ability to “sideload” — there are plenty of Solitaire apps in the Mac App Store.  Moreover, users who have administrative permission have the option to override Gatekeeper at any time by Control-clicking and affirming their intention to go “off roading.” MacWorld has more information about the way Gatekeeper interacts with the existing security measures.

The second option, allowing applications from both the App Store and signed developers, is where the meat of this story is. John Gruber of Daring Fireball, reporting on a private product briefing, stated that developers will now be able to get free-of-charge developer IDs to sign code with. If true, this is a great step forward for continued generativity on the platform.  (So far the Apple Developer website has no mention of free options for signing code.) Signed code produced outside the App Store is excellent. It eliminates the concerns about App Store-pushed sandboxing (as expressed here) by allowing developers who write un-sandboxable programs to sign their code anyway, for verification purposes. It also means that developers who either don’t want to hand 30% of their revenue over to Apple (as a cost of entry to the App Store) or who want to produce applications with non-Apple approved content (like a comic by a Pulitzer Prize winner) can still signal to users that their work isn’t malware.

Will this help users make decisions about what kind of programs to install? The more that legitimate developers join the Developer ID program and start signing code, the more effective Gatekeeper will be at deterring users from installing malware. But if developers don’t sign up, it’s easy to see how Gatekeeper could turn into yet another click-through approval box, where users see so many warnings that they instantly click okay.

Gatekeeper in its current blueprint isn’t the end of Mac generativity.  The middle ground of allowing non-App Store signed code may represent the best of both worlds. However, one small tweak — lose that Control-click for sideloading — and OS X could fully merge with iOS, both in functionality and in security methods.  And that would be the worst of both worlds.  Perhaps a successful launch of Mountain Lion in its current plan can pave the way for iOS to become a little more generative.  That depends more on Apple’s desired business model for the app store than on maintaining security for the mobile platform.

–KA and JZ