<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Future of the Internet -- And How to Stop It &#187; cybersecurity</title>
	<atom:link href="http://futureoftheinternet.org/category/cybersecurity/feed" rel="self" type="application/rss+xml" />
	<link>http://futureoftheinternet.org</link>
	<description>Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School</description>
	<lastBuildDate>Mon, 07 May 2012 16:36:10 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>FOI Topics and Links of the Week</title>
		<link>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-16</link>
		<comments>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-16#comments</comments>
		<pubDate>Mon, 06 Jun 2011 14:22:28 +0000</pubDate>
		<dc:creator>Jennifer</dc:creator>
				<category><![CDATA[Android]]></category>
		<category><![CDATA[censorship]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[filtering]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[iphone]]></category>
		<category><![CDATA[privacy]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=2135</guid>
		<description><![CDATA[IR-transmitted metadata. Last week, Apple filed for a patent on an iOS camera that can detect infrared in addition to visible light. If a user aims the camera at an object that is sending out additional information about that object in the IR band, the camera transmits that information to the device, and potentially also [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.patentlyapple.com/patently-apple/2011/06/apple-working-on-a-sophisticated-infrared-system-for-ios-cameras.html">IR-transmitted metadata.</a> Last week, Apple filed for a patent on an iOS camera that can detect infrared in addition to visible light. If a user aims the camera at an object that is sending out additional information about that object in the IR band, the camera transmits that information to the device, and potentially also to the user. This technology could be used to <a href="http://yupnet.org/zittrain/archives/14#22">disable</a> the camera at classified government outposts; automatically <a href="http://yupnet.org/zittrain/archives/14#31">blur out</a> copyrighted background or foreground images (or, for regimes not squeamish about censorship, disfavored images); provide an automated tour of a city or museum, instead of using traditional <a href="http://yupnet.org/zittrain/archives/11#20">visible</a> signs and placards; or even <a href="http://yupnet.org/zittrain/archives/20#79">transmit personal requests</a>: “Please don’t photograph my house.” “Please don’t post pictures of my eight-year-old on public sites.” The IR metadata could also be recorded so that it would persist each time the image was transmitted across the internet.</p>
<p><a href="http://yupnet.org/zittrain/archives/11#16">Google wrestles with the generative trade-off.</a> Security experts have <a href="http://blogs.forbes.com/andygreenberg/2011/05/31/twenty-five-more-malware-apps-turn-up-in-googles-android-market/">found another set</a> of malicious apps in the Android Market and discovered that Google Docs <a href="http://www.readwriteweb.com/archives/Google_docs_found_hosting_phishing_sites.php">regularly hosts</a> phishing sites.</p>
<p><a href="http://www.nytimes.com/2011/05/23/technology/23cisco.html?_r=1">Falun Gong sues Cisco for facilitating official Chinese repression.</a> Members of Falun Gong have sued tech giant Cisco in a U.S. court, alleging that the company customized its technology to meet government tracking and censorship needs and helped design China’s Golden Shield, the country’s infamous online censorship and surveillance firewall. The group also claims that Cisco marketed its technology as a tool to target government dissidents.</p>
<p><a href="http://www.thepublicdomain.org/2011/05/18/the-hargreaves-review-is-published/">Hargreaves Review published.</a> The review evaluates the fitness of the UK’s intellectual property regime for an internet age. It finds that IP laws put in place several hundred years ago are now stifling modern innovation and goes on to make ten specific recommendations for IP law reform to correct the problem. These recommendations include approaches to clearing <a href="http://yupnet.org/zittrain/archives/19#45">patent thickets</a>; dealing with orphan works; and transitioning to evidence-based, rather than lobby-based, IP policy; as well as rejection of a US-like <a href="http://yupnet.org/zittrain/archives/14#59">fair use</a> limitation.</p>
<p><a href="http://techcrunch.com/2011/05/12/facebook-parters-up-with-web-of-trust-to-warn-users-about-malicious-links/">Facebook users benefit from a Web of Trust.</a> Clicking a link on your Facebook page that the <a href="http://yupnet.org/zittrain/archives/18#48">crowdsourced</a> Web of Trust service has identified as spammy or malicious will now bring up a warning that you may want to avoid the suspect site (and also check out Wikipedia entries on malware and phishing).</p>
<p><a href="https://iflowreader.com/Closing.aspx">iFlowReader closes.</a> Independent iOS e-book retailer iFlowReader shut down at the end of May. According to the company, Apple’s new e-book seller rules made it impossible to turn a profit. (The rules require sellers to give Apple a 30% cut of sales while at the same time limiting the seller to only a 30% commission, so the seller gets the commission from the publisher but then owes it all to Apple.) Company execs expressed frustration that, in their view, Apple maintained complete control over its platform and felt free to change the rules on developers, even after they, relying on the old rules, had been induced to make significant investments.</p>
<p><a href="http://techcrunch.com/2011/05/02/dish-and-echostar-settle-patent-litigation-with-tivo-agree-to-pay-500-million/">TiVo and EchoStar settle.</a> The <a href="../the-end-draws-nearer-for-echostar-dvrs">case</a> involving a judicial order to EchoStar to send a remote signal disabling its customers&#8217; DVRs ended in a whimper last month when the parties settled after the Federal Circuit <a href="http://scholar.google.com/scholar_case?case=14409302242183882081&amp;q=tivo+v.+echostar&amp;hl=en&amp;as_sdt=20003&amp;as_ylo=2011">held</a> that EchoStar had waived its arguments that the disablement provision was vague and overbroad. EchoStar had asserted that it legally should not have been forced to disable the DVR boxes because it implemented a design-around instead so that the boxes no longer infringed TiVo’s patents. But the court didn’t reach the merits of this argument, since it held that the time to raise such issues was before the district court found EchoStar in contempt. So while we know that the Federal Circuit doesn’t have a problem with trial courts <a href="http://yupnet.org/zittrain/archives/14#7">issuing a disablement provision to remedy patent infringement</a>, we still don’t know whether the infringing party could avoid disabling its users’ products by pushing an update that replaced the infringing technology with a non-infringing alternative.</p>
<p>&#8212;Jennifer Halbleib</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-16/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>FOI Topics and Links of the Week</title>
		<link>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-17</link>
		<comments>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-17#comments</comments>
		<pubDate>Thu, 05 May 2011 13:20:15 +0000</pubDate>
		<dc:creator>Jennifer</dc:creator>
				<category><![CDATA[Android]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[iphone]]></category>
		<category><![CDATA[news]]></category>
		<category><![CDATA[privacy]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=2100</guid>
		<description><![CDATA[Smartphone tracking data. Two researchers reported last month that Apple has been storing time-stamped location information on users’ iOS devices since June. An unencrypted file with these data is saved onto a user’s computer each time she syncs her device with it, as well. Apple appears to have good reasons for collecting the location information, [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears">Smartphone tracking data.</a> Two researchers reported last month that Apple has been storing time-stamped location information on users’ iOS devices since June. An unencrypted file with these data is saved onto a user’s computer each time she syncs her device with it, as well. Apple appears to have good <a href="http://www.wired.com/gadgetlab/2011/04/apple-iphone-tracking/">reasons</a> for collecting the location information, but <a href="http://www.nytimes.com/2011/04/28/technology/28apple.html">mistakenly</a> stored data long-term on the device and collected it even after users turned off all location services. The company says that a fix is on the way. Google&#8217;s Android phones <a href="http://techcrunch.com/2011/04/22/google-responds-to-smartphone-location-tracking-uproar-says-android-is-opt-in/">collect</a> similar location information, although tracking is opt-in, difficult to use to trace a particular person, and can be disabled by the user. Both companies are being <a href="http://news.cnet.com/8301-27080_3-20058493-245.html">sued</a>.</p>
<p><a href="http://www.wired.com/threatlevel/2011/04/coreflood/">The U.S. government uses a PC control switch?</a> The U.S. federal government obtained a temporary restraining order in April that allowed it to send a command that disabled the malware to private computers that were unwittingly part of a massive criminal botnet. In the past, the government has <a href="http://www.computerworld.com/s/article/9162158/Court_order_helps_Microsoft_tear_down_Waledac_botnet">cut off</a> or <a href="http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html">seized</a> the command-and-control servers and computers that run a botnet, but here – without notice, because federal agents were still trying to collect the IP addresses of infected computers – the government issued a command to personal computers owned by innocent targets of the Coreflood botnet. Arguably, since Coreflood steals private data and loots victims’ bank accounts instead of just generating huge amounts of spam, the government had sufficient justification to order citizens’ (and non-citizens’?) computers to kill the program. But in addition to concern that the command itself might unintentionally damage some private machines, such a path may be quite slippery. After all, prevention may be cheaper than disease; why shouldn’t the government push security software to all personal computers? And why shouldn’t it monitor citizens’ online activity to make sure they aren’t downloading programs from malicious sites? Nonetheless, how different is the command in this case from required residential building and health standards or mandatory vaccinations for schoolchildren? The government regulates personal safety in the real world when it implicates the broader public good; why shouldn&#8217;t it do the same online? And in the end, an individual can avoid running the command on his computer (and dodge the botnet risk, too) by simply disconnecting from the Internet.
Of course, that makes the computer slightly less useful. The phenomenon is reminiscent of <a href="http://www.wired.com/techbiz/it/news/2003/08/60081">this Wired account</a> from 2003, though note the reporter&#8217;s credibility appears to be in question. (!)</p>
<p><a href="https://www.eff.org/deeplinks/2011/04/googles-lack-transperancy-and-openness-android">Google’s questionable Grooveshark takedown.</a> Last week, the Electronic Freedom Foundation criticized Google for removing the popular music service Grooveshark’s app from the Android Market. Google has said that it was responding to an RIAA complaint but has not explained the basis of that complaint. The company did not require notice before the takedown as provided for by the Digital Millennium Copyright Act. If the complaint was grounded in copyright, EFF noted that Google’s actions departed from its longstanding position of requiring such valid notice before takedown. Because the move coincided with Google’s testimony before the Senate Judiciary Committee, EFF speculated that it was designed to mollify any Congressional skepticism that Google was not committed to copyright enforcement.  Note that apps can still be added to a phone without having to go through the Android Market.</p>
<p><a href="http://www.bloomberg.com/news/2011-04-29/microsoft-profit-falls-below-apple-s-as-ipad-eats-into-sales.html">More consumers demanding iPads in place of laptop PCs.</a> Last quarter, Apple’s profits exceeded Microsoft’s for the first time since 1991. Overall PC sales declined 2%, consumer PCs dropped 8%, and netbooks – the inexpensive and mobile generative PCs most similar to tablets like the tethered iPad – fell 40%.</p>
<p><a href="http://news.cnet.com/8301-27076_3-20058635-248.html?part=rss&amp;subj=news&amp;tag=2547-1_3-0-20">Translating iOS to WP7.</a> Meanwhile, Microsoft is contesting Apple’s dominance of the tethered device market. Microsoft now offers a tool that helps developers convert their iOS apps to Windows Phone 7 apps. It maps the WP7 application programming interface – the set of definitions and rules an app uses to communicate with the phone’s operating system – onto the iOS API, making it easier for developers to port their apps to WP7, giving Windows Phone 7 users access to more apps, and allowing Microsoft to compete with Apple in app marketplace size and range sooner.</p>
<p>And a related <a href="http://www.newswireless.net/index.cfm/article/8892">discussion</a> of generative PCs and tethered devices including thoughts on JZ’s thesis in the <a href="http://yupnet.org/zittrain/archives/6">book</a>, as well as a <a href="http://blogs.hbr.org/hbr/mcafee/2011/04/youtube-and-capitalisms-role-i.html">take</a> on his <a href="http://fsi.stanford.edu/events/recording/6396/1/493">concerns</a> about crowdsourced work.</p>
<p>&#8212;Jennifer Halbleib</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-17/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Will the U.S. get an Internet “Kill Switch”?</title>
		<link>http://futureoftheinternet.org/will-the-u-s-get-an-internet-%e2%80%9ckill-switch%e2%80%9d</link>
		<comments>http://futureoftheinternet.org/will-the-u-s-get-an-internet-%e2%80%9ckill-switch%e2%80%9d#comments</comments>
		<pubDate>Fri, 04 Mar 2011 16:42:15 +0000</pubDate>
		<dc:creator>mollysauter</dc:creator>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[news]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=2012</guid>
		<description><![CDATA[In the past month we’ve seen two countries try to “turn off” the Internet. On January 27, in Egypt, which had previously known few restrictions on Internet access (though, to be sure, intimidation of bloggers and activists was common), nearly all ISPs stopped delivering bits to their subscribers, even though data transiting Egypt from the [...]]]></description>
			<content:encoded><![CDATA[<p>In the past month we’ve seen two countries try to “turn off” the Internet. On January 27, in <a href="http://opennet.net/research/profiles/egypt">Egypt</a>, which had previously known few restrictions on Internet access (though, to be sure, intimidation of bloggers and activists was common), nearly all ISPs stopped delivering bits to their subscribers, even though data transiting Egypt from the outside world kept flowing normally. One Egyptian ISP, Noor, stayed up for a few days amidst speculation that it had been spared because major banks and the Egyptian stock exchange were subscribers; subsequently it went down, too. Internet access was then restored before the Mubarak government fell. In <a href="http://opennet.net/research/profiles/libya">Libya</a>, irregular nationwide outages lasting anywhere from a few minutes to seven hours have been <a href="http://www.renesys.com/blog/2011/02/libyan-disconnect-1.shtml">occurring since February 19</a>.</p>
<p>This is nearly unprecedented; only brief incidents in <a href="http://opennet.net/blog/2005/02/nepal-internet-down-media-censorship-imposed">Nepal</a> and <a href="http://opennet.net/research/bulletins/013">Burma</a>, in 2005 and 2007 respectively, could compare. The events have renewed debate over proposed U.S. legislation that might give the government a similar ability to pull the plug on Internet communications in an emergency.</p>
<p>The bill, introduced in the Senate first last fall and again this spring by Senators Collins and Lieberman, was first titled “Protecting Cyberspace as a National Asset Act of 2010,” and then “Cybersecurity and Internet Freedom Act of 2011.” <a href="http://www.switched.com/2011/02/01/internet-kill-switch-bill-what-it-is-wont-die/">Many</a> <a href="http://abcnews.go.com/Technology/kill-switch-internet-bill-alarms-privacy-experts/story?id=12922845">observers</a> <a href="http://www.fastcompany.com/1721753/egypt-internet-kill-switch">have</a> <a href="http://news.cnet.com/8301-13578_3-20007418-38.html">simply</a> called it the “kill switch” bill, suggesting that the bill would give the President authority to shut down the Internet, perhaps in ways just seen in the Middle East. That’s an unfair characterization. But there are other reasons to be skeptical about S.3480.</p>
<p>The bill contains a lot more than just the provision for a so-called “kill switch.” It provides for the establishment of a White House Office of Cyberspace Policy, tasked with oversight over all “instruments of national power relating to ensuring the security and resiliency of cyberspace” and the enforcement of security standards developed by the <a href="http://www.nist.gov/index.html">National Institute of Standards and Technology</a> (NIST)  across both public and private sector “critical infrastructure systems.”    (NIST is the National Institute of Standards and Technology, an agency at the Department of Commerce tasked with advancing measurement science, standards and technology. Among other things, it houses the atomic clock which keeps the nation’s official time.) It also provides for the establishment of a National Center for Cybersecurity and Communications at the Department of Homeland Security, which would oversee the United States <a href="http://www.us-cert.gov/">Computer Emergency Response Team</a>, which, as the public/private operational arm of the National Cyber Security Division,  acts to disseminate cybersecurity information from the research and government communities to the private sector.</p>
<p>Then there’s the most controversial bit: the bill proposes that, in the event of a “cyber emergency” as declared by the President, the Department of Homeland Security could issue mandatory orders and directives to “critical infrastructure systems”. This has been interpreted as meaning that the government could “shut down” the internet within the United States.</p>
<p>Under what circumstances this would be warranted depends largely on interpretation. The bill says a “cyber emergency” is an “actual or imminent action by any individual or entity to exploit a cyber risk in a manner that disrupts, attempts to disrupt, or poses a significant risk of disruption to the operation of the information infrastructure essential to the reliable operation of covered critical infrastructure”. “Critical infrastructure” is in turn defined as those systems whose “disruption or destruction would cause a mass casualty event which includes an extraordinary number of fatalities; severe economic consequences; mass evacuations with a prolonged absence; or severe degradation of national security capabilities, including intelligence and defense functions”.</p>
<p>That all sounds pretty narrow: most Web servers would not qualify as that type of infrastructure–nor would a small ISP.  Responding to criticism of the kill switch idea, the Senate has said that the bill is intended to provide a “<a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews&amp;ContentRecord_id=66c23959-5056-8059-7686-43a8307e966c">precise, targeted and focused way for the President to defend our most sensitive infrastructure</a>,”  further defining that infrastructure as systems involved in the vital maintenance of the telecommunications networks, electrical grid, water systems and  financial systems. Of course, as more systems move to the cloud, there’s a question of whether we will start to find these critical infrastructure systems interwoven with more mundane civilian resources, and what the implications of such mixing would be under this bill.</p>
<p>Putting it all together, this means that a cyber emergency would only be declared in the event of an imminent risk of massive death and destruction, severe economic damage, mass evacuations or harm to our national security capabilities—the worst of all possible scenarios. But a critical issue is what kind of review there would be of whether a declared emergency really qualifies under the bill. Though there is no direct identification of critical infrastructure beyond those whose disruption would cause scenes from the movie <em>2012</em>, there is a means in the bill for those designated as critical infrastructure systems to appeal that classification.</p>
<p>The new draft of the bill– likely responding to public anxiety over kill switches–explicitly forbids a shut down: “neither the President, the Director of the National Center for Cybersecurity and Communications or any officer or employee of the United States Government shall have the authority to shut down the Internet.”</p>
<p>Any emergency measures developed and implemented in the event of a cyber emergency would also expire within thirty days, with the possibility of several thirty-day extensions. To be sure though, thirty days is a long while in Internet time, and more than enough time to change, perhaps irreversibly, a company that finds itself on the wrong side of the critical infrastructure designation. Most important is to try. It’s also hard to imagine the circumstances under which these provisions would be invoked. By the language of the bill, it would appear to be nothing short of a massive virus–or physical–attack in which ISPs stood idly by as malware spread like. Of course, should that situation arise, it’s not clear that sending in the Marines (figuratively, if not literally), and telling various ISPs to fix it would make any difference–as if they somehow wouldn’t be trying to do that anyway, and as if the government would have any comparative advantage over the Internet engineers themselves in understanding the situation.</p>
<p>Oddly, the U.S. government may already have the authority to shut down the Internet anyway. Section 706 of the Communications Act of 1934 – written into the Act shortly after the 1941 attacks on Pearl Harbor – provides the President with the ability to shut down “any facility or station for wire communication” or take federal control of such facilities in the event of a “state of war” and for up to six months after the expiration of such a state. Of course, the War Congress of 1941 wasn’t thinking about the Internet at the time, though there is some indication that the Department of Homeland Security believes this provision could apply. In June of 2010, the Department of Homeland Security apparently cited Section 706 as “<a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews&amp;ContentRecord_id=66c23959-5056-8059-7686-43a8307e966c">one of the authorities the President would rely on if the nation were under a cyber attack</a>.”</p>
<p>The new bill does not permit such a Federal takeover or shutdown, limits the amount of time a cyber emergency declaration can be in effect, and contains language intended to render the emergency measures as non-disruptive as possible.</p>
<p>Beyond the legalities or politics of drastic action, it’s worth asking whether the type of Internet shutdown seen in Egypt and elsewhere is even possible in the United States. Internet penetration in <a href="http://opennet.net/research/profiles/egypt">Egypt</a> is around 15.4%, high for Africa but low compared to the rest of the Middle East; penetration in <a href="http://opennet.net/research/profiles/libya">Libya</a> is around 5%; in <a href="http://opennet.net/research/profiles/burma">Burma</a> Internet penetration is at less than 1%. They have much smaller populations than the US, in smaller geographic areas. The shuttering of one or two ISPs has a much greater effect in these small markets than it would in the States. It is unlikely that the government could, through social and political pressure not backed up by statute and public accord, cow the hundreds of different ISPs operating in the continental United States to all shut down at once. Someone bent on disrupting Internet access would have to focus on Tier 1 ISPs – those who provide Internet access to other ISPs, and for which a shutdown would have the biggest ramifications. Another potential method for shutdown would be disrupting one or more of the major Internet exchange points or “carrier hotels” that exist around the country. Going after major wireless providers could also have a big impact. However, the likelihood of a complete shutdown remains low: at the point such a measure would be attempted we’d likely have plenty of other problems to raise with such an overreaching government. More important, with Internet access so crucial to the economy and to state and federal governments, a broad-based shutdown would carry incalculable costs. The point at which the Internet is so suffused in a society that a censorious government could consider turning it off is also the point at which the Internet is so suffused in a society that a government would likely not dare turn it off.
Egypt and Libya provide new and surprising counter-examples to that hypothesis, but even in Egypt access was restored while the Mubarak government was still in power.  And the level of integration of the Internet with layers of the American economy and communications system is an order of magnitude more than in Egypt and certainly Libya.</p>
<p>So, while there is no kill switch hidden in the bill, it provides for the establishment of two federal bodies responsible for the development and enforcement of certain private and governmental security standards in the area of critical infrastructure systems, and establishes the ability of the government to give mandatory directives and orders to the private operators of critical infrastructure systems in the event of a cyber emergency, which is defined to sound a lot like a real emergency.</p>
<p>That said, is this bill a reasonable reaction to the current state of cybersecurity in this country?</p>
<p>The bill endows NIST with the ability to create security standards, in conjunction with the private sector, which would then be imposed on federal agencies and private operators of critical infrastructure systems.  This introduces the potential for mission creep, and moreover, it is simply not known what those standards will be yet.  Would such standards include the capacity for deep-packet sniffing, other methods of surveillance or backdoors?  Who within NIST and the private sector would have final say in the creation of these standards, their implementation and enforcement?  Does the government currently possess the expertise to take on this task to begin with?  What actions will the relevant agencies take to ensure they have that experience at the ready when it comes to developing these standards?</p>
<p>When it comes to improving the online security environment in this country, everyone has work to do, including the federal government.  Keeping up with patches and updates, changing default usernames and passwords on critical systems and choosing unique, complex passwords that change regularly are just some habits of good security that should be widespread but aren’t. Some parts of this bill, like section 301 which in part provides for the withholding of bonuses to senior agency officials whose agencies aren’t up to snuff, may be a good step towards implementing a functional and habitual security environment at the federal level.  Some other sections clearly need more consideration and debate.</p>
<p>That the information security environment in this country and around the world needs work is clear.  Whether or not this is the bill that is needed, or even whether the federal government should have a role in regulating civilian, private sector infosec, is less so.</p>
<p><em>An <a href="http://www.technologyreview.com/web/32451/?mod=chfeatured">edited version</a> was published this morning by the MIT Technology Review</em>.</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/will-the-u-s-get-an-internet-%e2%80%9ckill-switch%e2%80%9d/feed</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>FOI Topics and Links of the Week</title>
		<link>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-11</link>
		<comments>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-11#comments</comments>
		<pubDate>Mon, 18 Oct 2010 14:30:30 +0000</pubDate>
		<dc:creator>Jennifer</dc:creator>
				<category><![CDATA[Android]]></category>
		<category><![CDATA[blackberry]]></category>
		<category><![CDATA[censorship]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[iphone]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1747</guid>
		<description><![CDATA[T-Mobile gives its G2 Droid amnesia. The G2s appearing on T-Mobile shelves this week come with an extra piece of hardware, and it&#8217;s not a free car charger. If G2 owners teach their Droids (either by coding or downloading software) to do something that interferes with T-Mobile&#8217;s business model, the company-installed rootkit will induce short-term [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://oti.newamerica.net/blogposts/2010/newest_google_android_cell_phone_contains_unexpected_feature_a_malicious_root_kit-380">T-Mobile gives its G2 Droid amnesia.</a> The G2s appearing on T-Mobile shelves this week come with an extra piece of hardware, and it&#8217;s not a free car charger. If G2 owners teach their Droids (either by coding or downloading software) to do something that interferes with T-Mobile&#8217;s business model, the company-installed rootkit will induce short-term memory loss and the smartphone will forget and revert to a more T-Mobile-friendly configuration. The G2 has the <a href="http://oti.newamerica.net/blogposts/2010/mobile_devices_are_increasingly_locked_down_and_controlled_by_the_carriers-38418">technological capability</a> to run software applications that the <a href="http://yupnet.org/zittrain/archives/19#22"><em>service provider</em></a> won&#8217;t allow. In addition, because this time T-Mobile implemented what it&#8217;s calling a &#8220;security measure&#8221; at the hardware level, it is more difficult for even techies to circumvent. h/t Tom Glaisyer @ New America Foundation, with a followup <a href="http://oti.newamerica.net/blogposts/2010/mobile_devices_are_increasingly_locked_down_and_controlled_by_the_carriers-38418">here</a>.</p>
<p><a href="http://www.google.com/hostednews/ap/article/ALeqM5gJkVD07GryJbkg53SQKwn7NXRAtA?docId=bf40c8422aac4c2aac75bb1de472083c">Addressing the zombie invasion.</a> U.S. officials are evaluating an Australian plan that targets the botnet epidemic. In particular, the American government is eying provisions that allow an ISP to notify customers with infected computers &#8212; since botnets typically run in the background of a user&#8217;s own applications, often the consumer is unaware that her PC has been taken over &#8212; and perhaps even quarantine maliciously co-opted machines by limiting online access. As the FOI book echoed in 2008, such a program <a href="http://yupnet.org/zittrain/archives/18#42">increases security</a> without resorting to perfect enforcement and may also encourage ISPs to provide consumers with tools to disinfect their computers, either as part of the service plan or for an additional fee.</p>
<p><a href="http://www.readwriteweb.com/archives/apple_approves_its_first_bittorrent_app.php?utm_source=twitterfeed&amp;utm_medium=twitter&amp;utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29">iOS developer guidelines relaxed enough for torrent apps?</a> Last week Apple approved its first BitTorrent app. But it turns out that Apple didn&#8217;t intend to allow torrent apps. Instead, the developer avoided the term &#8220;torrent client&#8221; in the app description, temporarily evading rejection. When Apple became aware of the app&#8217;s capabilities, it <a href="http://www.edibleapple.com/apple-accepts-then-removes-bittorrent-app-from-itunes/">removed</a> the app from the App Store.</p>
<p><a href="http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars">Android apps share information.</a> A Duke-Penn State-Intel study using the new TaintDroid tool revealed that half of thirty randomly selected popular Android apps send personal information such as location or phone number to ad networks, sometimes with surprising frequency. When an Android owner downloads an app, he or she has to give permission for the app to collect personal information. But from that sole initial disclosure it’s usually not clear when information will be accessed and how it will be used. Privacy policies are often unintelligible. Hopefully utilities like TaintDroid will soon be available in downloadable form to allow Android (and <a href="http://apple.slashdot.org/story/10/10/01/2154231/Many-Top-iPhone-Apps-Collect-Unique-Device-ID?from=twitter">iPhone</a>) owners to monitor in real time what information their apps are accessing.</p>
<p><a href="http://www.telegraph.co.uk/news/worldnews/europe/italy/8032572/Italy-demands-Apple-remove-offensive-What-Country-iPhone-app-from-its-online-store.html">Italy demands that Apple remove an offensive app from the App Store.</a> Child pornography? No. Graphic violence? Not so much. Italy is upset that a travel app characterizes the country as the home of the Mafia (also of pizza and scooters). Since Italy knows Apple can remove the app, it may feel entitled to <a href="http://yupnet.org/zittrain/archives/19#68">demand</a> that the company do so whenever Italians&#8217; dignity is the least bit bruised. In a walled garden, the country of Da Vinci need not cultivate perspective.</p>
<p><a href="http://recombu.com/apps/rim-we-dont-need-200-fart-apps-for-app-world-success_M12412.html">RIM jumps on the anti-fart app bandwagon.</a> RIM takes the position that apps that keep users coming back and convince them to purchase upgrades or additional content are more valuable to RIM and developers than fart apps. But should the <a href="http://yupnet.org/zittrain/archives/21#11">value</a> of an app be determined ex ante by device-makers or set by user behavior? Good search and rating systems seem like a better way to run an efficient app store &#8212; one that allows both apps that provide &#8220;ongoing entertainment value&#8221; and inexpensive, one-off apps that may serve important, if temporary, functions. (Ever unexpectedly have to entertain a child for an afternoon?) Still, nice of <span style="text-decoration: line-through;">CompuServe</span>RIM to tell us what we want. Because <a href="http://www.readwriteweb.com/archives/nokia_reaches_out_to_developers_now_crucial_to_companys_success.php">listening</a> to users and developers isn&#8217;t a plan that&#8217;s going to <a href="http://www.readwriteweb.com/mobile/2010/10/nokia-tops-rim-in-daily-app-downloads.php">work</a>.</p>
<p><a href="http://www.wired.com/threatlevel/2010/09/blocking-text-messages/">Can a wireless provider block texts it doesn&#8217;t like?</a> A New York federal court was presented with that question in a case where T-Mobile blocked all texts from a texting service because one of the service&#8217;s clients provided information via text on legal marijuana dispensaries in California. Under the recently proposed Google-Verizon net neutrality <a href="http://www.scribd.com/doc/35599242/Verizon-Google-Legislative-Framework-Proposal">principles</a> (analyzed <a href="../the-googleverizon-framework">here</a>), a wireless company would have latitude to discriminate based on the sender, recipient, or content of the message as long as its practice is transparent. But it&#8217;s hard to see how the discrimination in this case is required because of the &#8220;unique technical and operational characteristics of wireless networks.&#8221; We&#8217;ll have to wait to see how courts address the issue as the parties have <a href="http://www.wired.com/threatlevel/2010/10/text-flap-settlement/#ixzz118ajhGiL">settled</a> the case. Although the full terms of the agreement weren&#8217;t disclosed, it &#8220;requires  T-Mobile to stop blocking the New York-based EZ Texting service’s  thousands of clients, <em>if they meet T-Mobile’s approval</em>. The medical-marijuana info service, which used texts to tell its users where the nearest medical-marijuana store was, remains blocked.&#8221; (emphasis added).</p>
<p><a href="http://itmanagement.earthweb.com/features/article.php/12297_3905931_1/Pre-crime-Comes-to-the-HR-Dept.htm">The future of HR.</a> <a href="http://www.rivdata.com/">Social Intelligence</a> will help potential employers determine whether you are a good hire and monitor you (with real-time updates) when you&#8217;re on the payroll by trolling your <a href="http://yupnet.org/zittrain/archives/20#16">public social network</a> profiles. &#8220;[C]ompany spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You&#8217;ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That&#8217;s why you should scan every prospective hire and run continued scans on every existing employee.&#8221;</p>
<p><a href="http://news.cnet.com/8301-27083_3-20014973-247.html?part=rss&amp;amp;subj=news&amp;amp;tag=2547-1_3-0-20">iPhone expression that&#8217;s more than skin deep.</a> Children and adults with disabilities affecting speech are converting their iPhones to alternative communication devices. Smartphone apps that are mobile, easy to use, and even cool give a voice to autistic kids and stroke victims alike.</p>
<p>&#8212;Jennifer Halbleib</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-11/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Shouting fire in a crowded Twitter</title>
		<link>http://futureoftheinternet.org/the-twitter-virus</link>
		<comments>http://futureoftheinternet.org/the-twitter-virus#comments</comments>
		<pubDate>Wed, 22 Sep 2010 22:07:55 +0000</pubDate>
		<dc:creator>jz</dc:creator>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Future of the Internet]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1701</guid>
		<description><![CDATA[Tweeting has become a foundational Internet technology.  It&#8217;s not even dependent on the World Wide Web &#8212; people can send and receive tweets without having to visit twitter.com.  And the act of tweeting isn&#8217;t even unique to Twitter &#8212; many other Internet platforms are seeking to compete by allowing people to &#8220;emote&#8221; an update to [...]]]></description>
			<content:encoded><![CDATA[<p>Tweeting has become a foundational Internet technology.  It&#8217;s not even dependent on the World Wide Web &#8212; people can send and receive tweets without having to visit twitter.com.  And the act of tweeting isn&#8217;t even unique to Twitter &#8212; many other Internet platforms are seeking to compete by allowing people to &#8220;emote&#8221; an update to a self-designated group of followers.  Thus Facebook has made central its desire to know &#8220;what&#8217;s on your mind,&#8221; and many other sites are seeking to let people casually share what they&#8217;re up to, such as users of Google Reader sharing items that they find interesting.</p>
<p>Foundational technologies like this can attract attacks the same way that banks beckoned Willie Sutton: crooks go where the money is.  Here the money is people&#8217;s browsers and PCs; compromise them and you can potentially access their passwords and personal information, and even cause them to pay the attack forward &#8212; involuntarily tweeting the next attack vector.  With many interlinked users, a vulnerability can be exploited with lightning speed.  It&#8217;s a reminder that a feature we cherish about the Internet and Web &#8212; linking disparate people and sites seamlessly together &#8212; can also be a problem.  Consider a standard Web page at, say, nytimes.com.  You&#8217;re visiting the New York Times, and that&#8217;s where the page is thought to come from.  But in a venerable practice echoed by nearly every other online news and content hub, nytimes.com serves up banner ads from a vendor like doubleclick.net.  Your computer visits doubleclick at the instant of rendering the page for you so that an ad can appear in its designated real estate.</p>
<p>In fact, given its popularity as an ad server network, your computer probably visits doubleclick.net more than most any other site &#8212; even though you&#8217;ve likely never asked to go there yourself in your Web surfing.  Doubleclick in turn gets the ads it runs from its customers: companies who want to sell you something or otherwise try to get you to click on their ads.  So: visiting one site actually means you&#8217;re visiting a third party site, which in turn is getting information from <em>fourth</em> parties.  Even the most careful site can thus become host to malware, if the ad content is designed to attack your browser, not just appeal to your eyeballs.  Just ask the New York Times, <a href="http://news.cnet.com/8301-27080_3-10353402-245.html">which suffered this problem last fall</a>.  It&#8217;s akin to the fact that a hamburger from your favorite fast food outlet contains the meat of 100 cows from three continents.  If just one source has E. coli &#8212; watch out.</p>
<p>What to do about it?  In the short term: back up your data, update those virus definitions, and use an obscure browser, figuring Willie Sutton will go for the big banks over the small savings and loan.  Over the longer term, we&#8217;ll need defense mechanisms that can react as speedily as an attack can hit &#8212; at least enough to eliminate its viral quality when passed around through a platform like Twitter.  Ideally those platforms would be distributed rather than orchestrated by a handful of security vendors, so that the ability to block bad code isn&#8217;t so readily triggered by a single gatekeeper &#8212; or a government that can pressure it.</p>
<p>That&#8217;s because what&#8217;s true of code is also true of content.  Perhaps a deeper lesson of this flash-in-the-pan Twitter pandemic is its suggestion of how quickly a <em>meme</em> can spread.  Someone tweets a fascinating but false statement and it gets retweeted and retweeted &#8212; with no easy way for a correction to chase after it.  Once alerted to yesterday&#8217;s virus problem, Twitter could set up an automated system to look for manifestations of dangerous code in a tweet and squelch it.  Should we sleep better or worse with the thought that the same technique could be applied to another kind of clear and present danger: falsehoods designed to wreck a business, ruin a reputation, or incite a panic?</p>
<p>[A shorter version of this entry appears in the NYT's <a href="http://www.nytimes.com/roomfordebate/2010/09/22/the-buried-threats-in-that-tweet/vulnerability-at-lightning-speed">Room for Debate blog</a>.]</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/the-twitter-virus/feed</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Has the Future of the Internet come about?</title>
		<link>http://futureoftheinternet.org/has-the-future-of-the-internet-come-about</link>
		<comments>http://futureoftheinternet.org/has-the-future-of-the-internet-come-about#comments</comments>
		<pubDate>Tue, 07 Sep 2010 14:10:01 +0000</pubDate>
		<dc:creator>jz</dc:creator>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[Web 2.0 platforms]]></category>
		<category><![CDATA[wikipedia]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1657</guid>
		<description><![CDATA[This week there&#8217;s an online symposium at Concurring Opinions about the Future of the Internet &#8212; And How to Stop It. I&#8217;ll be blogging there; in the meantime here&#8217;s my opening entry. I wrote the Future of the Internet &#8212; And How to Stop It, and its precursor law review article the Generative Internet, between [...]]]></description>
			<content:encoded><![CDATA[<p>This week there&#8217;s an online symposium at <a href="http://www.concurringopinions.com">Concurring Opinions</a> about the <em><a href="http://yupnet.org/zittrain">Future of the Internet &#8212; And How to Stop It</a>. </em>I&#8217;ll be blogging there; in the meantime here&#8217;s my opening entry.<span id="more-1657"></span></p>
<p>I wrote the <a title="The Future of the Internet -- And How to Stop It" href="http://yupnet.org/zittrain" target="_blank">Future of the Internet &#8212; And How to Stop It</a>, and its precursor law review article the <a href="http://www.harvardlawreview.org/issues/119/may06/zittrain.shtml">Generative Internet</a>,  between 2004 and 2007. I wanted to capture a sense of just how bizarre  the Internet &#8212; and the PC environment &#8212; were.  How much the values and  assumptions of, metaphorically, dot-org and dot-edu, rather than just  dot-com, were built into the protocols of the Internet and the  architecture of the PC.  The amateur, hobbyist, backwater origins of the  Internet and the PC were crucial to their success against more  traditional counterparts, but also set the stage for a new host of  problems as they became more popular.</p>
<p>The designers and makers of the Internet and PC platforms did not  expect to come up with the applications for each &#8212; they figured unknown  others would do that.  So, unlike CompuServe, AOL, or Prodigy, the  Internet didn&#8217;t have a main menu.  And once for-profit ISPs started  rolling the Internet out to anyone willing to subscribe, there came to  be a critical mass of eyeballs ready to experience varieties of content  and services &#8212; the providers of which didn&#8217;t have to negotiate a  business deal with some Internet Overseer the way they did for  CompuServe et al.  Some content and services could be paid for, at least  as soon as credit cards could function cheaply online, and others could  be free &#8212; either because of a separate business model like advertising,  or because the provider didn&#8217;t feel inclined to monetize visiting  eyeballs.  Tim Berners-Lee could invent the World Wide Web and have it  run as just another application, seeking neither a patent on its  workings nor an architecture for it that placed him in a position of  control.  Today, of course, the Web is so ubiquitous that people often  confuse it with the Internet itself.</p>
<p>When bad apples emerge on an unmediated platform &#8212; and they do as  soon as there are enough people using it to make it worth it to subvert  it &#8212; it can be difficult to deal with them.  If someone spams you on  Facebook, the first step is to make it a customer service issue &#8212;  complain to Facebook, and they can discipline the account.  If someone  spams you on email, it&#8217;s much trickier, because there&#8217;s no Email Manager  &#8212; just lots of email servers, some big, some little, and many of them  with accounts hacked by others.  That&#8217;s one reason why a newer  generation of Internet users prefers Facebook or Twitter messaging to  old fashioned email.  Same for the PC itself: with no PC Manager,  there&#8217;s no easy way to get help or exact justice when exposed to  malware.  I worried that malware in particular, and cybersecurity in  general, would be a fulcrum point in pushing &#8220;regular&#8221; people away from  the happenstance of generative platforms designed by nerds who figured  they could worry about security later.  Hence a migration to less  generative platforms managed like services rather than products.</p>
<p>I understand and sympathize with that migration.  But it&#8217;s important  to recognize its downsides &#8212; particularly if one is among the  libertarian set, which has comprised some of the most vocal critics  of the Future of the Internet.  Whether software developer or user,  volunteering control over one&#8217;s digital environment to a Manager means  that the manager can change one&#8217;s experience at any time &#8212; or worse, be  compelled to by outside pressures.  I write about this prospect at  length <a href="http://yupnet.org/zittrain/archives/14">here</a>.   The famously ungovernable Internet suddenly becomes much more  governable, an outcome most libertarian types would be concerned about.   Many Internet freedom proponents aren&#8217;t willing to argue for or trust  those freedoms to a &#8220;mere&#8221; political process; they prefer to see them de  facto guaranteed by a computing environment largely immune to  regulation.</p>
<p>Lessig now seems to <a href="http://books.google.com/books?id=lmXIMZiU8yQC&amp;lpg=PP1&amp;dq=lessig%20code%202.0&amp;pg=PA309#v=onepage&amp;q=trick&amp;f=false">disagree</a> with that; his view in Code 2.0 is that:</p>
<p>citizens  of any democracy should have the freedom to choose what speech they  consume.  But I would prefer they earn that freedom by demanding it  through democratic means than that a technological trick give it to them  for free.</p>
<p>It&#8217;s an interesting bookend to a small gem of an article he wrote in 1999, where he <a href="http://www.law.berkeley.edu/journals/btlj/articles/vol14/Lessig/html/text.html">said</a>:</p>
<p>The  architecture of cyberspace embeds a set of values, as it embeds or  constitutes the possible. But beyond the values built into this  architecture, there are values that are implicated by the ownership of  code. Its ownership can enable a kind of check on government&#8217;s power &#8212; a  separation of powers that checks the extent that government can reach.  Just as our Constitution embeds the values of the Bill of Rights while  also embedding the protections of separation of powers, so too should  we think about the values that cyberspace embeds, as well as its  structure.</p>
<p>Randal Picker, in a terrific <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692746">article</a> revisiting the famed <em>Sony</em> case that upheld the right of manufacturers to make and sell VCRs,  despite the fact that surely many people were using them to infringe  copyright by recording shows for their personal libraries, outright  welcomes new forms of regulation made possible by software becoming a  service.  My brief response to (and disagreement with) his article is <a href="http://yupnet.org/zittrain/notes-chapter-5#note-101">here</a>, but both of us agree that new kinds of regulation lie in our future.</p>
<p>So, has the future happened?  Certainly young coders today are  writing for the Facebook and iPhone apps platforms more than they are  for Windows, OS X, or GNU/Linux.  Those platforms haven&#8217;t been &#8220;sterile&#8221;  &#8212; e.g. resistant to all outside development, as the book&#8217;s  introduction <a href="http://yupnet.org/zittrain/archives/6#10">feared</a>.  Rather, they&#8217;re what I called &#8220;<a href="http://yupnet.org/zittrain/archives/17#1">contingently</a> <a href="http://yupnet.org/zittrain/archives/14#88">generative</a>&#8221; and what Sarah Rotman Epps more pithily calls &#8220;<a href="http://arstechnica.com/gadgets/news/2010/05/curated-computing-whats-next-for-devices-in-a-post-ipad-world.ars">curated computing</a>.&#8221;   The idea is the same: to be generative enough to welcome outside coders  &#8212; indeed, if wildly successful, to turn other platforms into ghost  towns &#8212; but to be able to modify what they do at any time, before or  after the fact.  Not only does that set the stage for monopolistic  behavior &#8212; developers, many coding for fun, build empires that are then  hard to move to a new platform when the rules change &#8212; but also for  new regulation.  Android is an interesting development here &#8212; a sort of  canary in the coal mine, as the Android platform contemplates more &#8220;off  roading&#8221; by users, running unapproved apps, than the iPhone does.  It&#8217;s  too early to say which model will prevail, especially as either one,  being contingent, can evolve towards the other.  Steve Jobs could  announce freedom to run outside code on iPhones tomorrow, and Google  could revise Android so that only apps from the official Android store  can persist.  Either vendor can kill an app, or the entire phone, at a  distance, if it detects jailbreaking, or for any other reason.</p>
<p>In 2004, the Web was going strong, but much of our time was spent  outside a browser: email was Outlook or Eudora, word processing was  Word, spreadsheets were Excel, etc.  If you were given only a browser,  there&#8217;s a lot of work you&#8217;d have a hard time doing.  Today that&#8217;s simply  not true.  Google docs and spreadsheets are spreading, and Microsoft is  hastening to catch up with Windows Live.  Yet some have <a href="http://www.wired.com/magazine/2010/08/ff_webrip_debate/">trumpeted</a> the end of the open Web, and cited the <em>Future of the Internet</em> to buttress their claims.  They have a point.  Just because something  can be accessed by a Web browser doesn&#8217;t make it part of the Web.  (You  can even just open a file on your hard drive using your browser, most  easily if it ends in .html.)</p>
<p>If the services we migrate to online are still controlled and curated  by only a handful of gatekeepers, we run all the risks, and stand to  lose many of the benefits, of the generative Internet.  I&#8217;m not ready,  as others may be, to say that essentially every new technology has its  infancy and adolescence, where it&#8217;s chaotic and there are lots of  players and lots of innovation, to be followed by boring adulthood as  the losers lose and the few winners win and consolidate.  My hope was,  and is, to be able to take on the &#8220;bad apples&#8221; problem in a way that  doesn&#8217;t terribly compromise generativity &#8212; the way that Wikipedia, so  far, has managed to stop spammers and vandals without wholesale  abandoning the precept that anyone can edit a page, whether registered  or not.  I wrote some thoughts on how to do that <a href="http://yupnet.org/zittrain/archives/17">in</a> <a href="http://yupnet.org/zittrain/archives/18">the</a> <a href="http://yupnet.org/zittrain/archives/19">book</a>, and have since followed up with a piece called &#8220;<a href="http://law.fordham.edu/assets/LawReview/Zittrain_Vol_78_May.pdf">The Fourth Quadrant</a>.&#8221;   It seems all the more pressing to me as concerns about cybersecurity,  and now cyberwarfare, are very much on the mind of governments around  the world.</p>
<p>I&#8217;m not exactly a pessimist.  I recognize, and celebrate, the fact  that the digital environment of 2010 is the coolest, most interesting,  most option-filled it&#8217;s ever been.  In that sense, mirroring the  situation with Internet access despite censorship around the world, the  slope of the generative curve is positive.  But, also mirroring the  situation with censorship and filtering, I see the pieces further moving  into place for a step change in how the Internet works.  In where new  innovations come from.  And in how readily regulators can pull the plug  on services and content they don&#8217;t like.  At its core, the <em>Future of the Internet</em> is an argument against complacency, and against the simplicity of  thinking that if only market forces are allowed to work their magic,  everything else we care about will more or less fall into place.</p>
<p>I look forward to the week&#8217;s discussions.  &#8230;JZ</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/has-the-future-of-the-internet-come-about/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>FOI Topics and Links of the Week</title>
		<link>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-12</link>
		<comments>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-12#comments</comments>
		<pubDate>Tue, 10 Aug 2010 14:57:16 +0000</pubDate>
		<dc:creator>Jennifer</dc:creator>
				<category><![CDATA[Android]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[privacy]]></category>
		<category><![CDATA[wikipedia]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1536</guid>
		<description><![CDATA[Game on. A featureless update released recently by TI blocks a hack that allowed owners to write their own programs for the company&#8217;s Nspire calculator. It&#8217;s not immediately obvious what rationale TI used to justify the block. It isn&#8217;t under pressure to protect the commercial interests of a partner service provider. And worst case, a [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://hardware.slashdot.org/story/10/07/31/1314222/TI-Calculator-DRM-Defeated?from=rss">Game on.</a> A featureless update released recently by TI blocks a hack that allowed owners to write their own programs for the company&#8217;s Nspire calculator. It&#8217;s not immediately obvious what rationale TI used to justify the block. It isn&#8217;t under pressure to protect the commercial interests of a partner service provider. And worst case, a buggy calculator isn&#8217;t exactly as calamitous as a compromised cell phone. In any event, the competition illustrates what may become an increasingly common <a href="http://techcrunch.com/2010/07/27/zittrain-jailbreak-dmca-appledevelopers/">arms race</a> between hardware companies trying to lock down their products and consumers who want to load the software of their choice on a device they own.</p>
<p><a href="http://yro.slashdot.org/story/10/07/15/1317205/Droid-X-Self-Destructs-If-You-Try-To-Mod?from=rss">Disintegrating Droids.</a> The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola <a href="http://hardware.slashdot.org/story/10/07/17/037259/Motorola-Says-eFuse-Doesnt-Permanently-Brick-Phones?from=twitter">points out</a> that triggering eFuse doesn&#8217;t permanently disable the phone &#8212; it can re-boot once <em>approved</em> software is reinstalled. Much better.</p>
<p><a href="http://arstechnica.com/microsoft/news/2010/07/microsoft-argues-for-neighborhood-watch-approach-to-security.ars">Neighborhood watch for software vulnerabilities.</a> At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of <a href="http://roomfordebate.blogs.nytimes.com/2010/01/15/can-google-beat-china/">mutual aid</a> to website owners as well.</p>
<p><a href="http://www.zdnet.com/blog/security/hacker-breaks-into-atms-dispenses-cash-remotely/6996">Researcher remotely hacks ATMs.</a> Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.</p>
<p><a href="http://mediamemo.allthingsd.com/20100728/time-inc-s-ipad-problem-is-trouble-for-every-magazine-publisher/">Apple rejects iPad magazine subscription app.</a> Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn&#8217;t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.</p>
<div><a href="http://yro.slashdot.org/story/10/08/03/1342224/FBI-Instructs-Wikipedia-To-Drop-FBI-Seal?from=twitter">FBI challenges Wikipedia over logo.</a> This week, the FBI accused Wikipedia of illegally displaying the agency&#8217;s official seal. Wikipedia has refused to remove the image from its FBI page. <a href="http://yupnet.org/zittrain/archives/16#57">Wikipedians</a> have a <a href="http://www.nytimes.com/2008/02/05/books/05wiki.html?scp=1&amp;sq=wikipedia%20muhammad&amp;st=cse">history</a> of standing firm on controversial articles. It&#8217;s unclear whether a specific incident triggered agency action. The BBC <a href="http://www.bbc.co.uk/news/technology-10851394">notes</a> that since the seal is published elsewhere on the Web, the FBI&#8217;s selective targeting of Wikipedia is also mysterious. And many reports on the story <a href="http://en.wikipedia.org/wiki/Streisand_effect">now include</a> . . . images of the seal.</div>
<div><a href="http://www.wired.com/threatlevel/2010/07/zombie-cookies-lawsuit/">Zombie cookie revenge.</a> A lawsuit filed in federal court alleges that several prominent websites used Flash or &#8220;zombie&#8221; cookies to surreptitiously collect personal user information. Flash cookies can re-create browser cookies deleted by users. They function as extra storage for websites and maintain user preferences, but can also be exploited to track users online.</div>
<div>&#8212;By Jennifer Halbleib</div>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/foi-topics-and-links-of-the-week-12/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Blackberry-22</title>
		<link>http://futureoftheinternet.org/blackberry-22</link>
		<comments>http://futureoftheinternet.org/blackberry-22#comments</comments>
		<pubDate>Tue, 03 Aug 2010 15:52:16 +0000</pubDate>
		<dc:creator>jz</dc:creator>
				<category><![CDATA[blackberry]]></category>
		<category><![CDATA[cloud]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[filtering]]></category>
		<category><![CDATA[Future of the Internet]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1554</guid>
		<description><![CDATA[&#8220;Why did you walk around all day with rubber balls in your hands?&#8221; Orr sniggered again. &#8220;I did it to protect my good reputation in case anyone ever caught me walking around with crab apples in my cheeks. With rubber balls in my hands I could deny there were crab apples in my cheeks. Every [...]]]></description>
			<content:encoded><![CDATA[<p style="padding-left: 30px;">&#8220;Why did you walk around all day with rubber balls in your hands?&#8221;<br />
Orr sniggered again.  &#8220;I did it to protect my good reputation in case  anyone ever caught me walking around with crab apples in my cheeks.   With rubber balls in my hands I could deny there were crab apples in my  cheeks.  Every time someone asked me why I was walking around with crab  apples in my cheeks, I&#8217;d just open my hands and show them it was rubber  balls I was walking around with, not crab apples, and that they were in  my hands, not my cheeks.  It was a pretty good story.  But I never knew  if it got across or not, since it&#8217;s pretty tough to make people  understand you when you&#8217;re talking to them with two crab apples in your  cheeks.&#8221;  &#8211;Joseph Heller, <em>Catch-22</em></p>
<p>I&#8217;m having similar difficulty understanding Research In Motion&#8217;s <a href="http://www.arabianbusiness.com/594087-blackberrys-response-rim-statement-in-full">statement</a> in response to the news cascade following threats by the UAE and other countries to terminate its license to sell Blackberrys unless it&#8217;s more cooperative with government requests for surveillance.</p>
<p>Part of the confusion arises from the fact that we&#8217;re only seeing a small slice of a government-to-company negotiation &#8212; the public threat part &#8212; so exactly what&#8217;s being asked hasn&#8217;t been disclosed, and neither the government nor RIM has much incentive to say more.  And it&#8217;s hard to infer what&#8217;s on the table since the Blackberry is a Swiss army knife-style digital appliance &#8212; it makes phone calls, supports instant messaging, texts, and email &#8212; in communication both with other Internet users (including those without Blackberrys) and within a corporate environment.  When trying to figure out what RIM could share if it wanted (or were pressured) to, it helps to consider each service and environment separately.</p>
<p>So how does RIM&#8217;s public statement fit in?  Here&#8217;s the intro:</p>
<p style="padding-left: 30px;">Due to recent media reports, Research In Motion (RIM) recognizes that  some customers are curious about the discussions that occur between RIM  and certain governments regarding the use of encryption in BlackBerry  products.  RIM also understands that the confidential nature of these  discussions has consequently given rise to speculation and  misinterpretation.</p>
<p style="padding-left: 30px;">RIM respects both the regulatory requirements  of government and the security and privacy needs of corporations and  consumers. While RIM does not disclose confidential regulatory  discussions that take place with any government, RIM assures its  customers that it is committed to continue delivering highly secure and  innovative products that satisfy the needs of both customers and  governments.</p>
<p>Strong but vague so far &#8212; there&#8217;s a compromise to be struck, and RIM hopes to make the right one, bearing in mind the needs and interests of both its customers and its regulators.  It&#8217;s how the statement continues that&#8217;s puzzling, and to understand requires going from forest to trees for a bit:</p>
<p style="padding-left: 30px;">Many public facts about the BlackBerry Enterprise Server security  architecture have been well established over the years and remain  unchanged. A recap of these facts, along with other general industry  facts, should help our customers maintain confidence about the security  of their information. &#8230;</p>
<ul>
<li>The BlackBerry security architecture was specifically designed to  provide corporate customers with the ability to transmit information  wirelessly while also providing them with the necessary confidence that  no one, including RIM, could access their data. &#8230;</li>
</ul>
<ul>
<li>The BlackBerry security architecture for enterprise customers is based  on a symmetric key system whereby the customer creates their own key and  only the customer ever possesses a copy of their encryption key. RIM  does not possess a &#8220;master key&#8221;, nor does any &#8220;back door&#8221; exist in the  system that would allow RIM or any third party to gain unauthorized  access to the key or corporate data.</li>
</ul>
<p>At last some specifics.  But they appear extremely selective.  The first bullet point above talks about the encryption of data between a handheld Blackberry and the server operated by RIM &#8212; a way station until the data finds its ultimate recipient.  (People intend to email each other, not RIM; the RIM server is just a way to route data from one person to another.)  So the first bullet point offers the assurance that the data can&#8217;t readily be accessed between the Blackberry user and the RIM way station.  Fair enough &#8212; such encryption is routine.  For example, those who use gmail in &#8220;secure&#8221; mode &#8212; these days it defaults to that &#8212; enjoy a similar protection.  No stethoscope gathering radio waves in between can easily decipher what&#8217;s going on.</p>
<p>OK, on to the next quoted bullet point, which suggests that once the data is in repose at the way station, even then RIM couldn&#8217;t access it.  But here there&#8217;s a qualifier: it&#8217;s the Blackberry &#8220;security architecture <em>for enterprise customers</em>.&#8221;  Enterprise customers is a term of art that means customers brought en masse under the umbrella of a corporate enterprise.  If Consolidated Widgets had previously had all its internal correspondence routed through a server in its own basement and wanted to farm that out, RIM could offer an &#8220;enterprise solution&#8221; where Consolidated Widgets would become its customer, and all of Widgets&#8217;s employees could be issued Blackberrys and corresponding email accounts.  In that case, promises RIM, email sitting on RIM&#8217;s server would still be inaccessible to RIM.  It&#8217;d be private between one sender and one recipient.</p>
<p>Why limit this feature to enterprise customers?  In part because encryption standards haven&#8217;t been widely enough deployed to support ready encryption between users without regard to the devices and platforms they&#8217;re using.  For me to send you an encrypted email that not even our respective email providers can access requires us to coordinate ahead of time on a standard.  For example, you might establish a key using Philip Zimmermann&#8217;s legendary <a href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy">PGP</a> (&#8220;pretty good privacy&#8221;) standard, and I could then use it to send you an email that only you can read.  But if you haven&#8217;t gone to that trouble, I&#8217;m stumped.</p>
<p>That&#8217;s not RIM&#8217;s fault, but it might make misleading a statement intended to address the overall surveillance controversy &#8212; a statement that on a quick read suggests that Blackberry email users enjoy utter secrecy, when in fact it&#8217;s necessarily only talking about &#8220;enterprise&#8221; users who are emailing each other under a single corporate umbrella.  With that understood, the last line of the RIM statement offers much less assurance than it might seem to the average Blackberry user:</p>
<p style="padding-left: 30px;">RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.</p>
<p>If the <a href="http://na.blackberry.com/eng/ataglance/solutions/">BlackBerry Enterprise Solution</a> is but a subset of what we think of when we think about Blackberrys &#8212; namely, intra-corporate stuff &#8212; then the fact that it&#8217;s assured is both little threat to a government like UAE, which is no doubt concerned about communications and organizing among citizens outside a single corporate environment, and little solace to those very citizens.  And that&#8217;s why our questions to RIM should stick to apples in cheeks rather than changing the subject to balls in hands: what assurances can be made about cooperation with government surveillance requests <em>outside</em> corporate intranets?  The assurances need not be without exception to be reasonable &#8212; but the parameters of whatever accommodation is reached should be made public.</p>
<p>I welcome correction if I&#8217;m misunderstanding RIM&#8217;s attempt to dispel misunderstandings.  &#8230;JZ</p>
<p>UPDATE 8/5/10: Bruce Schneier has written on the topic <a href="http://www.schneier.com/blog/archives/2010/08/uae_to_ban_blac.html">here</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/blackberry-22/feed</wfw:commentRss>
		<slash:comments>8</slash:comments>
		</item>
		<item>
		<title>Facebook&#8217;s ocean of names becomes a torrent</title>
		<link>http://futureoftheinternet.org/facebooks-ocean-of-names-becomes-a-torrent</link>
		<comments>http://futureoftheinternet.org/facebooks-ocean-of-names-becomes-a-torrent#comments</comments>
		<pubDate>Thu, 29 Jul 2010 01:02:07 +0000</pubDate>
		<dc:creator>jz</dc:creator>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[privacy]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1524</guid>
		<description><![CDATA[Nick Bilton over at the NYT Bits Blog has the story of Internet security consultant Ronald Bowes&#8217;s recent Facebook caper.  Ron noticed that Facebook has a directory of its users, just like the old Bell Telephone White Pages.  I agree with Ron&#8217;s assessment that this is a very little-noticed feature: normally one searches on Facebook [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://bits.blogs.nytimes.com/author/nick-bilton/">Nick Bilton</a> over at the NYT Bits Blog <a href="http://bits.blogs.nytimes.com/2010/07/28/100-million-facebook-ids-compiled-online/?utm_source=twitterfeed&amp;utm_medium=twitter">has the story</a> of Internet security consultant Ronald Bowes&#8217;s <a href="http://www.skullsecurity.org/blog/?p=887">recent Facebook caper</a>.  Ron noticed that Facebook has a directory of its users, just like the old Bell Telephone <a href="http://en.wikipedia.org/wiki/Telephone_directory">White Pages</a>.  I agree with Ron&#8217;s assessment that this is a very little-noticed feature: normally one searches on Facebook not by looking at a directory, but rather by typing a name into a search box.  It&#8217;s in plain sight, though, at <a href="http://www.facebook.com/directory">http://www.facebook.com/directory</a>:</p>
<p><a href="http://futureoftheinternet.org/wp-content/uploads/2010/07/fb-directory.jpg"><img class="alignnone size-medium wp-image-1525" title="facebook directory" src="http://futureoftheinternet.org/wp-content/uploads/2010/07/fb-directory-300x182.jpg" alt="" width="300" height="182" /></a></p>
<p>There are two differences that jump out between this awe-inspiring alphabetical listing of all Facebook users and a dog-eared telephone directory.  First, Facebook&#8217;s directory has a staggering <em>171 million</em> names in it.  Second, in good news for paper prices everywhere given the first difference, the directory is digital &#8212; it&#8217;s right there, online.  And if it&#8217;s online, it&#8217;s scrapable.  Ron, being of the inquisitive engineering sort who can&#8217;t help but push a button if he sees one, figured that supply creates demand, and went ahead and scraped the directory.</p>
<p>That means he produced a file on his own hard drive containing more or less the directory&#8217;s main contents: for each person listed, a name, the person&#8217;s Facebook URL (what one types in to go directly to his or her entry), and unique Facebook ID (not a secret; this is part of a person&#8217;s Facebook URL).  The resulting file is only a few gigs &#8212; amazing how cheap storage has become that so much can be roughly the size of an episode of House.  Ron then placed it online as a torrent &#8212; which means anyone can download the file, and voila, a snapshot of Facebook&#8217;s membership as of July 2010.</p>
<p>So, is this a problem?  As I&#8217;m writing, news is only just breaking, so it&#8217;s like that moment when a toddler trips, falls, and then has to think about whether to cry or not.  &#8220;<em>You&#8217;re OK!</em>&#8221; is usually what the alert parent encouragingly says &#8212; and if the toddler buys it, it&#8217;s usually true.  In fact, even if the toddler doesn&#8217;t buy it, it&#8217;s still usually true.  In this case, I think I&#8217;m with the metaphorical parent.  The data that Ron grabbed is precisely what Facebook users have chosen (or perhaps more accurately, passively acquiesced) to share.  For those who lock their privacy settings to avoid having a public listing in a Facebook search, they&#8217;re not present here.  For those who have, they are &#8212; along with a click through to their respective Facebook pages however they&#8217;ve chosen to share them.</p>
<p>Ron appears a little disquieted by it because of the prospect that the snapshot can live forever more.  If you remove your Facebook account or up your privacy settings, that will be reflected in real time in the Facebook directory and search (or at least it should be!).  But the torrent file exists forever &#8212; so one&#8217;s privacy choices are locked into that moment.  This is an artifact of having a service &#8212; Facebook &#8212; converted into a product &#8212; a Facebook database &#8212; the way that universities used to not just maintain online directories, but also publish bound volumes of their alumni with addresses, for those who opted in.  (In fact, many universities <a href="http://alumni.harvard.edu/haa/alumnidirectory">still do this</a>; someone should tell them about saving the trees.)</p>
<p>There&#8217;s some privacy hit there, but there are also benefits.  By making a public directory &#8212; and a scrapable one, no less &#8212; Facebook gets more inbound links and attention as its members become easier to find.  And we benefit by having Facebook&#8217;s subscribers&#8217; public pages indexed by the likes of Google and Yahoo! search.  In fact, when searching on a person&#8217;s name in a regular search engine, quite commonly a Facebook entry is one of the top hits.  That seems to me a good thing, and once Google, Yahoo!, and Bing have it, why shouldn&#8217;t Ron and anyone else who wants it have it too?  Indeed, Ron already did some cool stuff with the data.  For example, he crunched it all and came up with a list of Facebook&#8217;s most commonly used <a href="http://www.skullsecurity.org/blogdata/facebook-firstnames-withcount.txt.bz2">first</a> and <a href="http://www.skullsecurity.org/blogdata/facebook-lastnames-withcount.txt.bz2">last</a> names, discovering &#8220;Michael&#8221; and &#8220;Smith&#8221; coming in at number 1 for each.  Congratulations, Michael Smith, you are hidden in plain sight, since a search for you turns up so many others at the same time!  (Not so much with &#8220;Jonathan Zittrain&#8221;&#8230;)</p>
<p>Anyway, that&#8217;s generativity at work: Facebook makes available a directory on free and open terms, and people do stuff with it, some of which can surprise us.  There could be bad surprises, too &#8212; Ron and others hint at undesirable data mining &#8212; but I&#8217;m glad that the gates of Facebook&#8217;s gated community have some slats in them, rather than being a solid wall.  At most, it seems to highlight the desirability of getting the defaults right: Facebook shouldn&#8217;t have people automatically publicly sharing stuff they&#8217;d not normally share, without clear markers on what&#8217;s about to happen.  As <a href="http://toolbar.google.com/prdlg.html">Google would say</a>, &#8220;Please read this carefully.   It&#8217;s not the usual yada yada.&#8221;</p>
<p>Indeed.  There have been so many Facebook privacy mini-scandals that we&#8217;re primed for the next, and the involvement of a torrent file adds an element of seeming subversiveness to the mix, given the association of p2p with contraband material.  But sometimes when the boy cries wolf it&#8217;s just a shadow.  I count 8 Yadas in the Facebook directory.  And I, along with my <a href="http://www.jeffzittrain.com">cool musician</a> brother <a href="http://en-us.facebook.com/people/Jeff-Zittrain/613281979">Jeff Zittrain</a>, fall in between <a href="http://en-us.facebook.com/people/Aron-Zittra/687235077">Aron Zittra</a> and <a href="http://en-us.facebook.com/people/Austin-Zittrauer/726749501">Austin Zittrauer</a>.  Until now, who knew?  Interesting &#8212; but not pitchfork worthy.  &#8230;JZ</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/facebooks-ocean-of-names-becomes-a-torrent/feed</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>FOI Topics and Links</title>
		<link>http://futureoftheinternet.org/foi-topics-and-links</link>
		<comments>http://futureoftheinternet.org/foi-topics-and-links#comments</comments>
		<pubDate>Tue, 01 Jun 2010 15:00:34 +0000</pubDate>
		<dc:creator>Jennifer</dc:creator>
				<category><![CDATA[Android]]></category>
		<category><![CDATA[censorship]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Future of the Internet]]></category>
		<category><![CDATA[Generativity]]></category>
		<category><![CDATA[iphone]]></category>
		<category><![CDATA[kindle]]></category>
		<category><![CDATA[news]]></category>

		<guid isPermaLink="false">http://futureoftheinternet.org/?p=1424</guid>
		<description><![CDATA[Google launches Government Requests tool. Google is now making public information on the requests it receives from government agents to remove content from its search results or reveal private user data. The Government Requests tool currently displays the number and type of requests by country for the last six months of 2009. In a bit [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://googlepublicpolicy.blogspot.com/2010/04/greater-transparency-around-government.html">Google  launches Government Requests tool.</a> Google is now making public  information on the requests it receives from government agents to remove  content from its search results or reveal private user data. The <a href="http://www.google.com/governmentrequests/">Government Requests</a> tool currently displays the number and type of requests by country for the last  six months of 2009. In a bit of irony, last week Google disclosed that  it had <a href="http://bits.blogs.nytimes.com/2010/05/14/google-admits-to-snooping-on-personal-data/?hp">accidentally  collected fragments of private user information</a> over unencrypted  Wi-Fi networks during drive-by data collection for Google Maps.</p>
<p><a href="http://www.techflash.com/seattle/2010/05/kindle_patches_and_privacy.html">Communicating with the e-book mothership.</a> If the latest must-read on Kindle is dotted with typos or has a few pages missing, there&#8217;s a good chance Amazon offers a patch to correct the error. It&#8217;s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is <a href="http://yupnet.org/zittrain/archives/14#26">always subject to change</a>. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently <a href="http://kindle.amazon.com/popular_highlights">keeps track</a> of what readers are highlighting. There&#8217;s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol.  But the information is also so interesting.</p>
<p><a href="http://games.slashdot.org/story/10/04/22/1641225/Sony-Can-Update-PS3-Firmware-Without-Permission?from=rss">The  remote control.</a> In April, Sony quietly revised the End User License  Agreement that came with the latest PS3 firmware update to allow the  company to change how an owner&#8217;s console operates in whatever way it  wants, no notice or permission required. Now the FCC, at the request of  the MPAA, has given cable and satellite providers the <a href="http://www.google.com/hostednews/ap/article/ALeqM5hjnBaJyXbAZLgX4Rsp1yzEh7N06QD9FI9U500">right  to remotely disable</a> output connections on consumers&#8217; set-top  boxes, leading consumers to ask <a href="http://yupnet.org/zittrain/archives/19#5">&#8220;What did I buy?&#8221;</a></p>
<p><a href="http://arstechnica.com/gadgets/news/2010/05/curated-computing-whats-next-for-devices-in-a-post-ipad-world.ars">Curated  Computing</a> is the new name in town for the experience provided by  the tablet non-PC. This particular term is meant to accentuate the  &#8220;less choice, more relevance&#8221; aspects of that experience. It rolls off  the tongue more smoothly than <a href="http://yupnet.org/zittrain/archives/17#1">&#8220;contingently  generative&#8221;</a> and sounds less regressive than an <a href="http://yupnet.org/zittrain/archives/17#1">&#8220;appliance,&#8221;</a> but  it somewhat connotes life aboard the <a href="http://en.wikipedia.org/wiki/WALL-E#Plot"><em>Axiom</em></a>. However, its proponents suggest that curated computing devices are meant  to exist alongside and supplement traditional PCs. Let&#8217;s call that a  worthy goal and the best of both worlds.</p>
<p><a href="http://gawker.com/5539717/">iPhone pillow talk with Steve  Jobs.</a> A ValleyWag reporter last week exchanged late-night emails  with a defiant Steve Jobs on the iPhone&#8217;s ability to give people  &#8220;freedom from&#8221; data theft, battery hogs, and porn. The emails speak  for themselves, giving a little insight into Jobs&#8217; perspective on the  benefits and aims of the iPhone. He gets a little snarky at the end,  but then again it&#8217;s 2am when he&#8217;s responding, and he never has a chance  to clarify his comments, unlike the Gawker reporter.</p>
<p><a href="http://mobile.slashdot.org/story/10/05/10/195251/Android-Sales-Surpass-iPhone-OS-Sales?from=rss&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29">Android outsells iPhone.</a> During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone&#8217;s 21% (RIM&#8217;s Blackberry is still at the top with 36%).  Although Android benefited from Verizon&#8217;s buy-one-phone-get-one-free promotion and iPhone continues to lead <a href="http://techcrunch.com/2010/05/19/iphone-android-25-percent/">worldwide</a>, it appears Google is getting closer in Apple&#8217;s rearview mirror.</p>
<p><a href="http://andreyf.tumblr.com/post/538652366/info-roundup-mcafee-kills-computers-worldwide">McAfee prevents computers from booting up in new virus-protection strategy.</a> Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few&#8211;albeit strong&#8211;security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One <a href="http://gist.github.com/raw/374154/9ab3cd7bef81fd3a8bc9398fd7051403eb72160f/gistfile1.txt">source</a> estimated that 800,000 PCs were affected.</p>
<p><a href="http://news.cnet.com/8301-17852_3-20003316-71.html">Taking [re-]generativity seriously.</a> A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient&#8217;s doctor had suggested that he try publicizing his need through social media, using an online connection to forge a real-world bond.</p>
]]></content:encoded>
			<wfw:commentRss>http://futureoftheinternet.org/foi-topics-and-links/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>

