Smartphone tracking data. Two researchers reported last month that Apple has been storing time-stamped location information on users’ iOS devices since June. An unencrypted file with these data is saved onto a user’s computer each time she syncs her device with it, as well. Apple appears to have good reasons for collecting the location information, but mistakenly stored data long-term on the device and collected it even after users turned off all location services. The company says that a fix is on the way. Google’s Android phones collect similar location information, although tracking is opt-in, difficult to use to trace a particular person, and can be disabled by the user. Both companies are being sued.

The U.S. government uses a PC control switch? The U.S. federal government obtained a temporary restraining order in April that allowed it to send to private computers unwittingly part of a massive criminal botnet a command that disabled the malware. In the past, the government has cut off or seized the command-and-control servers and computers that run a botnet, but here – without notice, because federal agents were still trying to collect the IP addresses of infected computers – the government issued a command to personal computers owned by innocent targets of the Coreflood botnet. Arguably, since Coreflood steals private data and loots victims’ bank accounts instead of just generating huge amounts of spam, the government had sufficient justification to order citizens’ (and non-citizens?) computers to kill the program. But in addition to concern that the command itself might unintentionally damage some private machines, such a path may be quite slippery. After all, prevention may be cheaper than disease; why shouldn’t the government push security software to all personal computers? And why shouldn’t it monitor citizens’ online activity to make sure they aren’t downloading programs from malicious sites? Nonetheless, how different is the command in this case from required residential building and health standards or mandatory vaccinations for schoolchildren? The government regulates personal safety in the real world when it implicates the broader public good, why shouldn’t it do the same online? And in the end, an individual can avoid running the command on his computer (and dodge the botnet risk, too) by simply disconnecting from the Internet.  Of course, that makes the computer slightly less useful.  The phenomenon is reminiscent of this Wired account from 2003, though note the reporter’s credibility appears to be in question.  (!)

Google’s questionable Grooveshark takedown. Last week, the Electronic Freedom Foundation criticized Google for removing the popular music service Grooveshark’s app from the Android Market. Google has said that it was responding to an RIAA complaint but has not explained the basis of that complaint. The company did not require notice before the takedown as provided for by the Digital Millennium Copyright Act. If the complaint was grounded in copyright, EFF noted that Google’s actions departed from its longstanding position of requiring such valid notice before takedown. Because the move coincided with Google’s testimony before the Senate Judiciary Committee, EFF speculated that it was designed to mollify any Congressional skepticism that Google was not committed to copyright enforcement.  Note that apps can still be added to a phone without having to go through the Android Market.

More consumers demanding iPads in place of laptop PCs. Last quarter, Apple’s profits exceeded Microsoft’s for the first time since 1991. Overall PC sales declined 2%, consumer PCs dropped 8%, and netbooks –  the inexpensive and mobile generative PCs most similar tablets like the tethered iPad – fell 40%.

Translating iOS to WP7. Meanwhile, Microsoft is contesting Apple’s dominance of the tethered device market. Microsoft now offers a tool that helps developers convert their iOS apps to Windows Phone 7 apps. It maps the WP7 application programming interface – the set of definitions and rules an app uses to communicate with the phone’s operating system – onto the iOS API, making it easier for developers to port their apps to WP7, giving Windows Phone 7 users access to more apps, and allowing Microsoft to compete with Apple in app marketplace size and range sooner.

And a related discussion of generative PCs and tethered devices including thoughts on JZ’s thesis in the book, as well as a take on his concerns about crowdsourced work.

—Jennifer Halbleib

Rumor — and that’s all it is — is that Google will announce  a $10/month Chrome OS laptop rental.  That such a rumor could be credible, whether or not it actually bears out, is a testament to how much our IT ecosystem has evolved in just the past few years.  I’ve long been concerned about the death of the PC, whether through the “appliancization” of our endpoint devices like smartphones or through increasing reliance on what’s now known as the Cloud: running our apps, and keeping our data, online instead of on devices that we own.

A rented laptop only makes sense when there’s nothing that will end up on the unit that would make it difficult to lose or trade in.  And that’s the promise of Chrome OS and the cloud: the keyboard and screen are generic; everything interesting happens online, either on the public Web or behind the gates of a user’s various online accounts — Gmail, Facebook, etc.

There’s nothing inherently wrong with that, just as there was no inherent ethical case to a decision between an old-fashioned answering machine (keeping your phone messages at home) and voicemail (keeping them … in the cloud).  (Remember when people called each other and left messages?)

The reason I’ve singled out the PC’s future is because it’s a bellwether for how much we get to control the code we run and the data we accrete.  In the good old days we effectively bought software (its own claim to being merely licensed notwithstanding) and stored our data in our plain view.  So long as we didn’t lose or munge our laptops we knew where our data was — and wasn’t.

As abundant, saturating network connectivity makes it more sensible to store stuff on others’ faraway servers, it’s all the more important that we establish technical and legal architectures to preserve our primacy in choosing what code to run and what data to associate with ourselves.  I have some thoughts on how to do that here and here.

Update [11 May 2011]: The rumors appear to be true.

Last month the OpenNet Initiative published a report that shines light on one of the more sensitive business practices of Western Internet security and filtering companies. These companies – including McAfee (an Intel subsidiary), Websense, and Netsweeper – promote their filtering technologies in the West as tools for parents and schools trying to shield children from online pornography and employers looking to maintain a professional work environment. But they also appear to make their software and URL categorization services available to state-run ISPs and telecoms in Middle Eastern and North African countries, such as Bahrain, UAE, Qatar, Oman, Saudi Arabia, Kuwait, Yemen, Sudan, and Tunisia. These ISPs and telecoms, and the governments behind them, use the software to filter out Internet content that they don’t want their citizens to see.

What content? Well, depending on the Western software company, any of the millions to billions of websites that the company has categorized. And the categories, of which multiple companies boast that they have more than 90, range from porn and violence, to dating and filesharing, to politics, religion, and even anonymizers. All the repressive regime has to do is to buy the software, pay the Western company to maintain the database of categorized websites, click the check boxes next to the categories of sites that it doesn’t want its people to access, and viola, the Western company has commercialized censorship. As the report puts it, “This is not simply a case of a general purpose, neutral tool being used for an end not contemplated by its maker. The filtering products of today engage in regular communications with their makers, updating lists of millions of websites to block across dozens of content categories, including political opposition and human rights.”

The report illustrates how the categorized lists these companies maintain tend to be overinclusive – after all, a governmental customer is unlikely to care if more speech is censored than necessary as long as nothing that it doesn’t want its citizens to see gets through. Furthermore, to give a repressive state the flexibility it needs to oppress effectively, most Western companies also allow their governmental customers to create user-defined lists of sites to filter, in case there is additional content that the government wants to block. Finally, some combination of the Western companies and the governments who use their products has recently moved to obscure attribution of filtering to these products, so citizens – and groups like the OpenNet Initiative – have a hard time determining who is allowing their government to censor the Internet.

It doesn’t have to work this way. Western companies don’t have to sell their filtering tools to repressive regimes – or any government or state-run ISP. They could limit customers to individuals and private employers. Moreover, they don’t need to maintain lists of categorized sites at all. And even if they want to keep lists of violent or pornographic sites for legitimate users, classifications such as “politics,” “religion,” and “privacy” are inexplicable unless the Western company is actively trying to help its governmental customers muzzle speech, and inexcusable then. Therefore, at a minimum, the Western companies could get rid of many of their categories.

Risks would still exist. Governments could steal the technology, as Iran may have done with McAfee’s SmartFilter. And in certain cases, repressive regimes could adapt free software developed for innocuous purposes to filter their citizens’ Internet. These risks – and others – may be sufficient to counsel against supplying anyone with any tool that can be repurposed for state-level censorship. But at the very least, Western companies shouldn’t be continuously complicit in government Internet censorship by selling repressive regimes the software and regularly providing them with updated lists of sites to filter.

It’s remarkable how brazen these Western filtering companies are. For example, one American company, Websense, has an explicit policy not to facilitate government censorship, except to restrict pornography. But among its nearly one hundred classifications listed in the report are such categories as “Advocacy Groups,” “Traditional Religions,” “Political Organizations,” and “Educational Institutions.” Perhaps Websense can articulate a legitimate reason for these categories, but it seems a stretch to relate them to “Adult Content,” which is a separate category in any case.

Another company, Netsweeper, is apparently perfectly willing exploit the freedom of foreign peoples by selling its software to government-backed ISPs looking to “block inappropriate content to meet government rules and regulations ‘based on social, religious or political ideals.’” Meanwhile, McAfee remains mum on how its relationship with repressive governments plays into its business conduct and ethics policy.

In an online world where we condemn oppression of a single netizen as cyberbullying, what do we call the conduct of Western companies that collude with governments to oppress an entire citizenry? Cyberrepression? And should companies that ostensibly exist largely to give parents the control needed to shield children from harmful Internet content be surprised if the government that created them exerts another form of parental control – the kind that parents use on poorly-behaving children with no self-control – by regulating the companies’ own asocial behavior? After all, if corporations have rights and obligations based on the legal fiction of corporate personhood, then these companies are the all-too-real sociopaths of the corporate world.

Even better, customers in Western countries can send a free-market message to these companies without having to resort to a regulatory intermediary: such duplicitous behavior – marketing software in the West as a tool to empower parents and businesses but in the Middle East and Africa as a tool to enervate a state’s citizenry – isn’t acceptable. We shouldn’t buy software that’s supposed to protect if its maker also sells it as a means to abuse.

—Jennifer Halbleib

Amazon strong-arms a third-party Kindle service. Amazon shut down Lendle, a popular Kindle service that allows users to lend their books to strangers, last week because it didn’t “serve the principal purpose of driving sales of products and services on the Amazon site.” Two days later, after customers tweeted their displeasure, Amazon informed Lendle of the specific feature that got the service blocked. That feature, Book Sync, scraped the Amazon site itself to determine which books in a user’s library were lendable (not all are). Lendle removed it and is now back up and running. Axing a company’s service to your platform without notice or an opportunity to address the issue is a severe sanction and may intimidate service providers to comply rather than publicly balking at your demands. Here, Lendle disabled the offending feature without a row. Then again, maybe the company knew all along that Book Sync violated Amazon’s policies. While Lendle could argue that Amazon shouldn’t restrict harmless features of third-party services, flagrantly violating those policies could lead Amazon to boot a service.

While Apple and RIM pull the plug. This week both Apple and RIM removed controversial apps from their official app stores. Apple pulled an iOS app from Exodus International that propounded techniques and resources to treat homosexuality. And after several U.S. senators urged Apple, RIM and Google to remove the PhantomAlert app, which maps locations of nearby DUI checkpoints, from their respective app stores, RIM complied. So far, Apple has not removed PhantomAlert and Google refused to pull the app, saying that the app does not appear to violate Android content policies. Apple’s ultimate decision may shed some light on how it views its role as a benevolent gatekeeper: under what circumstances will Apple feel the need to step in and protect users from apps that are legal and don’t harm the device or expose personal data, but nevertheless contain content that users find offensive or believe is personally harmful? Similarly, should Exodus International come out with Android and BlackBerry apps, it will be interesting to see where RIM draws that line – and whether Google draws it. Of course, even if Google were to remove such apps from its official Market, Android’s open platform means that users could still download them from third-party app stores and sites.

And Google flips the kill switch. While Android owners may download third-party apps from Web sites that are independent of the official Android Marketplace, Google retains the power to reach in and remove apps from the phone without the owner’s permission. It recently did just that with over fifty apps containing code that, apparently as an initial step towards constructing a mobile botnet, rooted users’ phones. In this case, the apps were malicious and free. Google prevented users’ phones from co-option by a botnet and the users weren’t out any money. But by highlighting the precision and efficacy of tethering, Google may have put its remote kill switch on the table as a means for removing any illegal content. TiVo v. EchoStar showed us that some courts are willing to force an infringer to reach in and disable infringing devices that users have already purchased and installed in their homes. Courts may be less inclined to take such action against illegal content on a cell phone if it similarly means basically bricking the device. Cutting off innocent users’ phone service would be a much more disruptive remedy than frying their DVRs. But since Google has just demonstrated that it can excise the offending content specifically, why wouldn’t litigants ask courts for it as a remedy?

In the end, all four platforms decided what exactly their users own. Users buy a device, but what that device actually does is a service controlled by the platform. This service is subject to change at the platform’s discretion if, for example, it harms the device or doesn’t fit the company’s business model – and subject to change if senators, courts, advocacy groups, or anyone else can pressure the platform to take action.

In the past month we’ve seen two countries try to “turn off” the Internet. On January 27, in Egypt, which had previously known few restrictions on Internet access (though, to be sure, intimidation of bloggers and activists was common), nearly all ISPs stopped delivering bits to their subscribers, even though data transiting Egypt from the outside world kept flowing normally. One Egyptian ISP, Noor, stayed up for a few days amidst speculation that it had been spared because major banks and the Egyptian stock exchange were subscribers; subsequently it went down, too. Internet access was then restored before the Mubarak government fell. In Libya, irregular nationwide outages lasting anywhere from a few minutes to seven hours have been occurring since the February 19.

This is nearly unprecedented; only brief incidents in Nepal and Burma, in 2005 and 2007 respectively, could compare. The events have renewed debate over proposed U.S. legislation that might give the government a similar ability to pull the plug on Internet communications in an emergency.

The bill, introduced in the Senate first last fall and again this spring by Senators Collins and Lieberman, was first titled “Protecting Cyberspace as a National Asset Act of 2010,” and then “Cybersecurity and Internet Freedom Act of 2011.” Many observers have simply called it the “kill switch” bill, suggesting that the bill would give the President authority to shut down the Internet, perhaps in ways just seen in the Middle East. That’s an unfair characterization. But there are other reasons to be skeptical about S.3480.

The bill contains a lot more than just the provision for a so-called “kill switch.” It provides for the establishment of a White House Office of Cyberspace Policy, tasked with oversight over all “instruments of national power relating to ensuring the security and resiliency of cyberspace” and the enforcement of security standards developed by the National Institute of Standards and Technology (NIST)  across both public and private sector “critical infrastructure systems.”    (NIST is the National Institute of Standards and Technology, an agency at the Department of Commerce tasked with advancing measurement science, standards and technology. Among other things, it houses the atomic clock which keeps the nation’s official time.) It also provides for the establishment of a National Center for Cybersecurity and Communications at the Department of Homeland Security, which would oversee the United States Computer Emergency Response Team, which, as the public/private operational arm of the National Cyber Security Division,  acts to disseminate cybersecurity information from the research and government communities to the private sector.

Then there’s the most controversial bit: the bill proposes that, in the event of a “cyber emergency” as declared by the President, the Department of Homeland Security could issue mandatory orders and directives to “critical infrastructure systems”. This has been interpreted as meaning that the goverment could “shut down” the internet within the United States.

Under what circumstances this would be warranted depends largely on interpretation. The bill says a “cyber emergency” is an “actual or imminent action by any individual or entity to exploit a cyber risk in a manner that disrupts, attempts to disrupt, or poses a significant risk of disruption to the operation of the information infrastructure essential to the reliable operation of covered critical infrastructure”. “Critical infrastructure” is in turn defined as those systems whose “disruption or destruction would cause a mass casualty event which includes an extraordinary number of fatalities; severe economic consequences; mass evacuations with a prolonged absence; or severe degradation of national security capabilities, including intelligence and defense functions”.

That all sounds pretty narrow: most Web servers would not qualify as that type of infrastructure–nor would a small ISP.  Responding to criticism of the kill switch idea, the Senate has said that the bill is intended to provide a “precise, targeted and focused way for the President to defend our most sensitive infrastructure,”  further defining that infrastructure as systems involved in the vital maintenance of the telecommunications networks, electrical grid, water systems and  financial systems. Of course, as more systems move to the cloud, there’s a question of whether we will start to find these critical infrastructure systems interwoven with more mundane civilian resources, and what the implications of such mixing would be under this bill.

Putting it all together, this means that a cyber emergency would only to be declared in the event of an imminent risk of massive death and destruction, severe economic damage, mass evacuations or harm to our national security capabilities—the worst of all possible scenarios.  But a critical issue is what kind of review there would be of whether a declared emergency really qualifies under the bill.  Though there is no direct identification of critical infrastructure beyond those whose disruption would cause scenes from the movie 2012, there is a means in the bill for those designated as critical infrastructure systems to appeal that classification.

The new draft of the bill– likely responding to public anxiety over kill switches–explicitly forbids a shut down: “neither the President, the Director of the National Center for Cybersecurity and Communications or any officer or employee of the United States Government shall have the authority to shut down the Internet.”

Any emergency measures developed and implemented in the event of a cyber emergency would also expire within thirty days, with the possibility of several thirty day extensions.  To be sure though, thirty days is a long while in Internet time, and more than enough time to change, perhaps irreversibly, a company who find itself on the wrong side of the critical infrastructure designation.  Most important is to try. It’s also hard to imagine the circumstances under which these provisions would be invoked.  By the language of the bill, it would appear to be nothing short of a massive virus–or physical–attack in which ISPs stood idly by as malware spread like.  Of course, should that situation arise, it’s not clear that sending in the Marines (figuratively, if not literally), and telling various ISP’s to fix it would make any difference–as if they somehow wouldn’t be trying to do that anyway, and as if the government would have any comparative advantage in understanding the situation than the Internet engineers themselves would have.

Oddly, the U.S. government may already have the authority to shut down the Internet anyway. Section 706 of the Communications of Act of 1934 – written into the Act shortly after the 1941 attacks on Pearl Harbor – provides the President with the ability to shut down “any facility or station for wire communication” or take federal control of such facilities in the event of a “state of war” and for up to six months after the expiration of such a state. Of course, the War Congress of 1941 wasn’t thinking about the Internet at the time, though there is some indication that the Department of Homeland Security believes this provision could apply.  In June of 2010, the Department of Homeland security apparently cited Section 706 as “one of the authorities the President would rely on if the nation were under a cyber attack.”

The new bill does not permit such a Federal takeover or shutdown, limits the amount of time a cyber emergency declaration can be in effect, and contains language intended to render the emergency measures as non-disruptive as possible.

Beyond the legalities or politics of drastic action, it’s worth asking whether the type of Internet shutdown seen in Egypt and elsewhere is even possible in the United States. Internet penetration in Egypt is around 15.4%, high for Africa but low compared to the rest of the Middle East; penetration in Libya is around 5% ; in Burma Internet penetration is at less than 1%.  They have much smaller populations than the US, in smaller geographic areas.  The shuttering of one or two ISPs has a much greater effect in these small markets than it would in the States.  It is unlikely that the government could, though social and political pressure not backed up by statute and public accord, cow the hundreds of different ISPs operating in the continental United States to all shut down at once.  Someone bent on disrupting Internet access would have to focus on Tier 1 ISPs – those who provide Internet access to other ISPs, and for which a shutdown would have the biggest ramifications.  Another potential method for shutdown would be disrupting one or more of the major Internet exchange points or “carrier hotels” that exist around the country.  Going after major wireless providers could also have a big impact. However, the likelihood of a complete shutdown remains low: at the point such a measure would be attempted we’d likely have plenty of other problems to raise with such an overreaching government.  More important, with Internet access so crucial to the economy and to state and federal governments, a broad-based shutdown would carry incalculable costs.  The point at which the Internet is so suffused in a society that a censorious government could consider turning it off is also the point at which the Internet is so suffused in a society that a government would likely not dare turn it off.  Egypt and Libya provide new and surprising counter-examples to that hypothesis, but even in Egypt access was restored while the Mubarak government was still in power.  And the level of integration of the Internet with layers of the American economy and communications system is an order of magnitude more than in Egypt and certainly Libya.

So, while there is no a kill switch hidden in the bill, it provides for the establishment of two federal bodies responsible for the development and enforcement of certain private and governmental security standards in the area of critical infrastructure systems, and establishes the ability of the government to give mandatory directives and orders to the private operators of critical infrastructure systems in the event of a cyber emergency, which is defined to sound a lot like a real emergency.

That said, is this bill a reasonable reaction to the current state of cybersecurity in this country?

The bill endows NIST with the ability to create security standards, in conjunction with the private sector, which would then be imposed on federal agencies and private operators of critical infrastructure systems.  This introduces the potential for mission creep, and moreover, it is simply not known what those standards will be yet.  Would such standards include the capacity for deep-packet sniffing, other methods of surveillance or backdoors?  Who within NIST and the private sector would have final say in the creation of these standards, their implementation and enforcement?  Does the government currently possess the expertise to take on this task to begin with?  What actions will the relevant agencies take to ensure they have that experience at the ready when it comes to developing these standards?

When it comes to improving the online security environment in this country, everyone has work to do, including the federal government.  Keeping up with patches and updates, changing default usernames and passwords on critical systems and choosing unique, complex passwords that change regularly are just some habits of good security that should be widespread but aren’t. Some parts of this bill, like section 301 which in part provides for the withholding of bonuses to senior agency officials whose agencies aren’t up to snuff, may be a good step towards implementing a functional and habitual security environment at the federal level.  Some other sections clearly need more consideration and debate.

That the information security environment in this country and around the world needs work is clear.  Whether or not this is the bill that is needed, or even whether the federal government should have a role in regulating civilian, private sector infosec, is less so.

An edited version was published this morning by the MIT Technology Review.

Retailer’s Terms and Conditions attempt to restrict negative online reviews. After a consumer posted a negative review of an Internet retailer online, the retailer reached out, not to apologize, but rather to threaten a libel suit. It turns out that the retailer’s Terms and Conditions aim to limit the circumstances under which an unhappy customer can publicly review her experience. For example, it requires that the consumer base her critique on documented evidence, and the retailer must not have responded to her customer support request for at least seventy-two hours. It’s not clear whether a mass contract like a terms of service can penalize speech that wouldn’t otherwise be libelous. And truth is usually a defense against libel. The article also points out that the email threat’s claim that “Libel is a prosecutable felony in the state of Washington” is false – the state has held that criminal libel laws are unconstitutional. So perhaps the TOC and follow-up emails are designed to scare potential negative reviewers, or at least give them pause before they take five minutes to besmirch the retailer’s reputation online.

Apple changes its policy on iOS e-book and subscription sales. If a company has an iOS app and allows users to buy premium content, such as e-books to be displayed by the app, with purchases made via a Web site (and therefore avoiding giving Apple a cut), Apple now requires that the company also allow users to make those purchases in-app (where Apple takes 30% of the price). Magazine or newspaper subscriptions sold through a browser must be available for the same price or less in iTunes as well. And publishers can no longer embed links in their iOS apps to Web sites that sell content. Furthermore, customers must be asked and then agree to release their information to publishers when they buy content through iTunes, so publishers are less likely to get the valuable consumer data they want for targeted advertising.

Google launches subscription payment service. After Apple announced its iOS subscriptions model Google followed with its content payment system, One Pass. One Pass operates across platforms. Customers who purchase content through their Google accounts can access it on their computers, tablets, or smartphones (though presumably not on their iOS devices, though there’s no technical reason this has to be the case). A spectrum of models is available to publishers: they can sell by the article, offer subscriptions, or provide day passes, among other options. Unless a customer opts out, Google shares customer name, zip code, and email address with the publisher. For One Pass service, Google takes 10% of sales revenue.

RIM tablet rumored to run Android apps. RIM may be developing software that would allow its PlayBook tablet to run Android apps. The move would increase the number of apps that can run on PlayBook more than six-fold to over 130,000 apps, making it more attractive to consumers. The tablet, promoted as the company’s answer to the iPad, is slated for release this year.

Facebook and the bright side of human flesh search engines. A woman who found a camera in New York City identified its owner in three hours by posting pictures from its memory card to Facebook and tagging her friends to solicit their help in the search. Web sites designed to reunite owners with their lost property exist, but both the finder and the seeker must know of them and go to the same one. Facebook doesn’t suffer from either problem. Although Facebook is not a fully public forum – most users restrict access to their profiles in some way – in this case it ended up being a big enough network to connect a helpful New Yorker with a grateful French tourist.

Boston promises a pothole-reporting app. It’s probably not something that Apple would have developed on its own initiative: an app that detects and automatically reports potholes using GPS and accelerometer data from the driver’s phone is in the works by the city’s “Office of New Urban Mechanics.” (!) While an unsafe driver may be wary of sending such information to city officials, the app’s developers see it as a new form of civic engagement. Perhaps we’ll see a pothole-filling app next year.

Google adds new security and crowdsourced ranking features. Google has recently added two new features. The first feature lets people with Google accounts add a second password. An account holder generates this additional code every time he wants to login, receiving it on his phone. It expires after a few minutes – giving the user time to log into his Google account – and so dramatically reduces the chance that it will be phished. The second feature is a Chrome extension that allows searchers to block sites that they don’t want to see in their Google search results. The user reduces unhelpful content farm results in her own searches, and Google draws on the information to tweak its rankings to decrease global content farm contamination of results.

Corporate strategies for information security and transparency. As more and more information is stored in the cloud and shared through networks, companies are increasingly susceptible to accidental or intentional disclosure of sensitive information. The Economist reports that corporations are taking a range of approaches to address the problem, from technological restrictions and monitoring (software or hardware that limits or watches what employees do with data) to cultural awareness (explaining to employees how particular acts put data at risk) or openness (sanctioning the release of more information to promote trust). Meanwhile, 40,000 individual Gmail account holders lost their cloud-stored emails and contacts this week because of a bug in a software update. Google is in the process of restoring users’ data to them — from backup copies on tapes.

Android app hacked to repeatedly text premium numbers. Hackers, apparently in China, have inserted code into a legitimate Android app that causes it to continuously text premium numbers. The altered form of the (already free) Steamy Windows app is available on unauthorized app sites. Once a user installs it, the app sends text messages to premium numbers, running up the user’s bill. It also blocks incoming texts from the wireless service provider that would normally alert a user that he has exceeded his text message quota. The hackers get a commission for each text sent to the specified numbers. Unwitting Android owners are at greater risk of attack, because unlike iOS owners, they can download apps from third party sites in addition to the official marketplace.  That makes them more generative — but also less secure, leading to the “generative dilemma.” (cached) [Cached because the cloud-based host for the deep linkable version of the Future of the Internet — And How to Stop It has vanished — ironic (or fitting?), given the book’s warning about the dangers of cloud-based platforms.

PCs as an endangered species. As the evolution of computing devices marches forward, PCs may be headed for extinction. Smartphones and tablets are increasingly marketed as PC replacements. These mobile devices can be used on their own, but also connect to a range of peripherals — laptop shells, monitors, keyboards, mice, even docks that turbo-charge performance with extra CPUs — for a more PC-like experience. For example, Motorola’s Android-based Atrix smartphone can run the desktop version of the Firefox browser when docked, giving the user access to cloud-based services like Google Docs in addition to the apps installed on the phone. But Firefox doesn’t run off the Atrix, it runs off a minimal Linux machine in the dock. And the Android app ecosystem doesn’t yet match the diversity of PC applications. Still, as mobile devices and the Web 2.0 apps and services (cached) they support become more sophisticated, it’s likely that they will expand out of their niche and invade the habitat currently occupied by PCs.

—Jennifer Halbleib

The European Journal of International Law published on an affiliated web site a short book review.  The author of the book reviewed was displeased, and wrote to the editor asking for it to be taken down.  He declined in a very thoughtful letter, part of a correspondence reproduced here. He suggested that he would forward the author’s comments to reviewer, and in “uncharted” territory, possibly be prepared to approve a revised review by the reviewer and substitute that in on the Web site.  The reviewer declined to make any changes, and the editor stood by that decision.

Three months later and the editor — not the reviewer — found himself the target of a criminal libel investigation in France.  Strange location, since …

[t]he author of the book was an Israeli academic. The book was in English. The publisher was Dutch. The reviewer was a distinguished German professor. The review was published on a New York website.

He’s written up his experience with the trial, which was last week, here.  Fascinating — and chilling — reading.

You may have heard of Herdict, the Berkman Center project to crowdsource reports on the moment-to-moment health of the Internet.  (Video introduction here; FAQ here.)  We are seeking a CEO for it!

Since last year Herdict has tracked big blockages like those of China’s Great Firewall, and small ones like the temporary block of WordPress in Guatemala.  Herdict receives thousands of visitors each day and hundreds of reports from just about every country.

Last summer we were awarded a $1.5M grant from the Omidyar Network to take Herdict further, which means setting it up as a standalone non-profit, partnering with browser makers to increase Herdict’s paths for gleaning and sharing data, exploring new ways of crowdsourcing, and securing additional funds (part of our grant is for matching contributions).

So, the new Herdict venture needs a CEO.  The ideal candidate would have some combination of start-up experience, a rich human network (in the US and ideally, abroad), familiarity with the Net, experience in building and motivating online communities, and a commitment to turning Herdict into a sustainable nervous system for it.  The CEO will build and lead our technology team to shape the future of Herdict, figure out how it can best integrate with other worthy efforts in this zone, and define what the boundaries will be of just what Herdict will aspire to do.

The team will be located in Cambridge, Massachusetts — so it will help if the CEO is prepared to live in the Boston area, and at least travel there regularly.  The CEO will work closely with the board of Herdict and with faculty from the Berkman Center and members of the OpenNet Initiative as we figure out how to measure and preserve a free and open Internet.  Salary competitive.

Statements of interest can be sent to jobs@herdict.org.

[cross-posted at the CDT blog]

How the Internet is running out of room, and what we must do about it

“CDT Fellows’ Focus” is a series from CDT that presents the views of other notable experts on tech policy issues. This week, CDT Fellow Jonathan Zittrain and Leslie Daigle write about the end of IPv4 address space. Guest posts featured in “CDT Fellows’ Focus” don’t necessarily reflect the views of CDT; the goal of the series is to present diverse, well-informed views on significant tech policy issues.

The Internet’s framers famously designed it without predicting much about how, or how much, it would be used. For example, the network’s capacity was conceived less in a count of precisely how many could participate at once – the way traditional phone circuits worked – and more in flexibly divisible bandwidth. As that bandwidth got saturated, it would degrade gracefully: data might move slower for everyone, but no one would get an “all circuits are busy” message. In ways large and small, what animates Internet protocol design is a procrastination principle: if something can work well, it doesn’t have to be perfect, and not every problem or limit must be anticipated and preempted. Potential but still speculative flaws can be fixed later – possibly somewhere other than inside the network.

Unfortunately “later” is arriving now for a crucial piece of the Internet: its ability to tell one attached device from another. Internet architects designed a simple way to identify participating computers and route data among them: assign each a unique number: an Internet Protocol (IP) address. No IP address, no delivery. The routers in between you and your friend use your friend’s number the way a postal service would – the number says something about where she is. That’s made possible because IP addresses are clustered together, just like street addresses grouped in a ZIP or other postal code.

The system has an Achilles’ heel: there are a limited number of numbers. It might seem that you could add 1 to whatever the last number is and keep going, but there’s a hard cap in venerable Internet Protocol Version 4 (IPv4): 4 billion IP addresses, which the Internet is outgrowing in much the same way that applications outstripped the original 64K of memory expected for a PC running Microsoft DOS. There is now general agreement among Internet technologists that the end days are upon us: the last block of fresh IPv4 addresses will likely be allocated to the Internet’s North American address warehouse in early 2011, to be passed out to Internet Service Providers here by mid- to late-2011.

Worse, because of the clustering of addresses, we can’t squeeze the last bit of digital toothpaste out of the tube as fresh numbers become scarce. There’s a gray market for chunks of already-allocated numbers despite restrictions against selling them – and some telecommunications providers are rumored to have been purchased only for their numbers! – but such used numbers carry their own risks. Anyone who has inherited the former phone number of a pizza shop will appreciate that some numbers are less desirable than others. Moreover, some IP addresses have at one time been the source of cyberattacks, or hosted politically sensitive content, and the resulting blocking of traffic originating from them by various ISPs is rarely revisited by those ISPs. (Who wants an old Wikileaks IP address?)

Running out of fresh numbers will not stop the Internet from working. But, unchecked, it will greatly complicate growth. As new computers and devices come online, something has to give – making more use of existing addresses, or finding a new way to address things.

In the first category – making do – the procrastination principle has bought us some time. Enterprising engineers developed an ingenious baling-wire-and-twine workaround to the one-number-per-computer rule. Known as network address translation, or NAT, it allows the holder of a single IP address to share it among a group of computers. This happens nearly every time you hook up a wireless router and access point at home: your ISP only gives you one number, and you use your inexpensive router to share it with everyone who connects to your network. Cable and DSL ISPs are considering the same thing to put larger networks of multiple customers behind a single address, at least as an interim measure. Unfortunately, like most such workarounds, it doesn’t really work as well as having one number per machine: the fancy footwork required to share a number around can limit the kinds of applications you can run, and greatly increase the complexity of some software, such as Skype Internet telephony, if it’s to work at all. NAT has bought us some time – much of Qatar has been known to share one IP address – but it’s spackle covering a rapidly-rusting architecture stretched far beyond its creators’ wildest ambitions.

Which brings us to a more comprehensive solution. Internet technologists did not sit idly by when it became clear IPv4 could not last. Over a decade ago, they specified its successor, IPv6 (don’t ask what became of IPv5), with a few hundred trillion trillion trillion addresses. Such huge swaths of address space promise something even better than a well-functioning market for valuable but limited assets: abundance so great that no market is required, only careful administration. Unfortunately, for IPv6 to work, nearly every piece of networking software and hardware from one end of a data transmission to the other needs to be upgraded. If just one link in the chain hasn’t been upgraded to understand the new numbers, IPv4 will still have to be used.

The idea for transition was that systems would work with both protocols for awhile, and gradually IPv4 would end not with a bang, but with a whimper – fading away like, say, the telegraph or telex addresses that used to share letterhead with telephone and fax numbers. However, even though many operating system and hardware vendors have been anticipating IPv6 for years (current Mac and Windows systems now support it out of the box), there are still gaps in available products and little business dependency on it, and there has been remarkably little deployment. This is consistent with the procrastination principle: the only networks that have deployed IPv6 are those that have found a business model for which it as a requirement. And, because the benefits are, generally, global rather than local to one network, the procrastination principle becomes a Prisoner’s Dilemma: we’re all better off if we all move to IPv6, but the worst case is if you pay to move while others don’t. So why not wait – forever, if others act similarly – for everyone else to do it before making the investment?

We’ve spent a decade with few networks taking the plunge to deploy IPv6.

This holding pattern is not likely to persist. With the larder dry, in the absence of fundamental innovation in Internet Protocol, we’d see an unfortunate ramp up in the use of NAT and its complications, coupled with parties’ tussles over existing ‘pure’ IP addresses like rats fighting over crumbs. Demonstrated shortcomings of the type of IPv4 address sharing include degraded performance of network-intensive web services: web pages where different pieces show up slowly, rather than seamlessly. Customers will not see a poor network connection – they will perceive poor service from the product or company.

More directly, IPv6 is gaining ground among new entrants (who have little choice), so the days of an all-IPv4 Internet are numbered. In developing its broadband strategy, India went for IPv6. New industries looking at wide scale networking are also looking to IPv6 in order to have access to adequate address space, and to be able to build novel network architectures, unencumbered by the structural assumptions needed to support address sharing.

The best future for the Internet is for all networks to deploy IPv6, and pay the price of working in a dual IPv6 / IPv4 world for a period of transition. If companies wait until the business impacts of degraded IPv4 network experience or the identification of opportunities to work with new (IPv6) networks are upon them, the need to make a transition more quickly than a multi-year equipment refresh cycle will likely be more costly and difficult. So how to encourage enough entities to take the plunge?

One way out of a classic problem demanding collective action is through regulation. A government can incent or compel everyone to contribute. However, this would require coordinated regulation across boundaries not recognized by network traffic – the intricacies are daunting, and for the Internet without precedent. And if successful, governments might gain an appetite for controlling the direction of an Internet which previously managed growth and innovation through elective uptake. Few are enthusiastic about mandated transitions.

Another way out is through leadership by big players. For example, governments aren’t just regulators of information technology, they’re purchasers of it. By insisting that government- and military-run subnetworks are IPv6, they’ll stimulate demand for the newer technologies and encourage intertwined private parties to follow suit. The US government’s Office of Management and Budget followed just such a route in 2005, requiring all government services to be IPv6 capable by 2008. In September, Vivek Kundra crystallized requirements for government websites to be IPv6 capable.

China has been leading IPv6 adoption for years, in part because it may otherwise feel the IPv4 number crunch most acutely, and perhaps because the government has determined that it’s in the country’s best commercial interests. Some large companies have placed bets on an upgrade. Google has been public about its activities to deploy IPv6, and a business rationale to not be last to market with IPv6 support.

A cold calculus on such investments for many Net-connected enterprises may indeed suggest holding off. But what has made the Internet better than the more proprietary networks that it eclipsed is that its participants have had a sense of stewardship of the space, justifying the absence of government planners and sheriffs, or a single corporate umbrella. Engineers from the public and private sectors labor on Internet protocols with loyalty to a network functioning as a commons, not simply to their employers’ particular business models. An investment in IPv6 from enough corners is sensible if each corner decides to factor in the benefit to the overall ecosystem – not just itself.

If such capacious thinking comes through, the Internet won’t run out of space – and we can go back to procrastinating on its future.

Jonathan Zittrain is Professor of Law and Professor of Computer Science at Harvard University, where he co-founded its Berkman Center for Internet & Society. He is a member of the Board of Trustees of the Internet Society. Leslie Daigle is Chief Internet Technology Officer for the Internet Society.

On December 20, Apple removed an unofficial Wikileaks app from the App Store. Apple had approved the app, which simply showed the Wikileaks twitter feed and website, three days earlier. Considering Apple’s uptight attitude toward iPhone and iPad apps, it is perhaps more surprising that an app providing access to the controversial site’s content was approved in the first place than that it was quickly yanked from the store.

Although there was initially speculation that Apple pulled the Wikileaks app because it either was “not very useful” or was a paid app that solicited charitable donations and therefore contravened the Developer Guidelines (pdf), Apple later justified the app’s removal under other provisions of the Guidelines: “Apps must comply with all local laws and may not put an individual or group in harm’s way.” The app’s developer had promised to donate one dollar from each $1.99 sale to Wikileaks, giving people a way to support the organization after Paypal, Visa, and MasterCard stopped facilitating donations to the non-profit because of its questionable activities. Apple’s reluctance to serve as a conduit of funds for Wikileaks, no matter how nominal each individual donation, is a possible secondary motivation for removal. The app raised $4443 for Wikileaks while it was available in the App Store.

The app can still be downloaded onto jailbroken iOS devices from Apptrackr, and apps that provide access to Wikileaks documents are available for Android phones. In addition, the App Store itself has a handful of apps that give Wikileaks news and updates, but presumably don’t let users look through the leaked information. Nevertheless, Apple’s unilateral control over which apps users can run on their iPhones and iPads again raises concerns that a closed platform enables censorship either by Apple directly according to its standards or by government pressure on the company. And since Wikileaks posts appear to be both newsworthy and legal (so far), pulling the app may well have a chilling effect on other news outlets considering publishing controversial information of public interest to their iOS apps. For example, would Apple also pull the New York Times app if the newspaper posted a story on the leaked cables to its app?

These concerns, both disturbing and credible, will grow as more people get their news from apps run on closed platforms rather than print or Web sources. But the (hopefully farfetched) nightmare scenario is a universally adopted closed platform with a slick, free Wikileaks app… that gives users access to documents that have been surreptitiously altered to remove or even provide false information. A similar worry exists with search engines or ISPs that are overwhelmingly dominant or government-enforced monopolies. If such a search engine doesn’t index the Wikileaks website (or indexes a modified fake site instead), the site may as well not exist, unless a user knows where to look. And incidents during the recent Belarussian election highlight how a national ISP could achieve an analogous result by redirecting requests for a legitimate independent news site to a fake one.

In the past, open, distributed media in the U.S. has made such tactics impractical. And there still may be little chance that extreme deception of this nature could occur in the U.S. as private companies don’t often have an incentive to mislead their customers and the government is constrained from doing so. Yet it’s worth thinking about, both out of concern for citizens of other countries and because our government does on occasion employ technology to covertly alter reality by, for example, wiretapping or other surveillance. Surveillance is distinguishable in that it is directed against a particular individual or group, usually requires a warrant, and, while deceitful, simply collects information instead of affirmatively providing misinformation. But if authorities have probably cause, is a warrant to push an app “update” to a specific individual that provides inaccurate information to thwart criminal activity or facilitate capture – say, an altered fight schedule or public transit timetable – acceptable? In a very small minority of cases courts have enjoined the publication of certain information, but is there ever a situation where, if feasible, it would be permissible for the government require a company to mislead the general public? We may never need to answer these questions, but Apple’s response to the Wikileaks app is a step in their direction.

—Jennifer Halbleib