… full service videogame agency that provides public relations, marketing, and sales services through one integrated campaign to the interactive entertainment and music industry.  Using precise messaging and calculated marketing campaigns, we are able to drive consumer and industry demand for our clients’ products, resulting in increased product sales.

According to the FTC’s complaint, some of the “precise messaging” involved the firm putting in fake positive user reviews of various video games on the iTunes store.

I haven’t been able to track down Reverb’s answer to the charges except a statement repeated here, a blog entry that reports some additional details of how the FTC got onto Reverb’s trail.  Reverb is said to have said:

During discussions with the FTC, it became apparent that we would never agree on the facts of the situation. Rather than continuing to spend time and money arguing, and laying off employees to fight what we believed was a frivolous matter, we settled this case and ended the discussion because as the FTC states: “The consent agreement is for settlement purposes only and does not constitute admission by the respondents of a law violation.”

That sounds like a non-denial denial, and the FTC appears to be doing good work here.  In the fall of ’09 it announced that paid commercial endorsements had to be disclosed — even on Twitter, Facebook, and in blogs.  There was some handwringing over this — would the government be going after any blogger who says something good about something and might have a financial interest in it?  It is not particularly easy to predict, especially since the FTC, unlike other Federal agencies, does not do formal rulemakings — it can only announce guidelines and then bring one enforcement action at a time under its general charter to combat unfair or deceptive trade practices.

The Reverb case provides a good example of how the FTC is thinking about applying its limited staff power: to professional organizations working to subvert ratings schemes.  That’s a good place to start; if nascent ratings schemes are to work, it’s helpful to know what the boundaries are — especially to PR and marketing firms that don’t want to have to race to the bottom.  Now they can tell their clients that they’re just not able to help out with fake reviews.  (In the meantime, the Reverb main home page is showing a generic parked message — odd.)

I remain curious how effective sites like subvertandprofit.com are.  S&P says it:

… runs social media campaigns across a variety of social media sites, via our 25,000 users who earn money by viewing, voting, fanning, rating, or posting assigned tasks. Since 2007, our user actions have effectively promoted our advertisers’ web content to popularity at significant cost savings. In 2010, Subvert and Profit merged with Crowdsource Corp. to extend the power of crowdsourcing to a variety of social and business applications.

More directly, S&P tells advertisers that they can:

Buy votes on social media sites.

1. Sign up.
2. Add funds to your account.
3. Buy votes.
4. Get visitors to your site for cheap.
5. Repeat.

And in turn, social media users can “get paid just for clicking buttons.”

Perhaps they or other intermediaries that help to launder ratings could find themselves answering some questions from the FTC.  I see the domain for subvertandprofit is registered in Massachusetts, so I’ve sent an email to its owner — I’ll update this post if I hear anything.

Much of the online discussion has focused on the merits of the suit.  Oracle officially acquired Sun Microsystems early this year.  Sun originally developed Java and, over time, released most of the platform into the open source ecosystem.  Patents that were filed may have been a defense against litigation or even a joke.  And Google has licenses for those patents.  So the question here revolves around whether, by strict or loose interpretation, Google violated its licenses, but the vagueness and generality of Oracle’s complaint [pdf] (and press release) renders most of this analysis speculative pending additional clarification.  (More discussion on the open source backdrop is available here and here, and counterpoint here.)

However, the remedy Oracle wants couldn’t be more clear.  It asks for monetary damages to compensate it for its financial losses and punitive damages because it alleges Google “knowingly,” i.e. intentionally, violated its IP rights.  In addition, Oracle requests “[a]n order permanently enjoining Google, its officers, agents, servants, employees, attorneys and affiliated companies, its assigns and successors in interest, and those persons in active concert or participation with it, from continued acts of infringement of the patents and copyrights at issue in this litigation” and “[a]n order that all copies made or used in violation of Oracle America’s copyrights, and all means by which such copies may be reproduced, be impounded and destroyed or otherwise reasonably disposed of.”  The last one is the kicker: just like TiVo’s demand of EchoStar, Oracle wants the court to tell Google to reach into Android owners’ handsets and rip out the offending material, leaving innocent consumers with a gutted shell — and the remainder of their two-year service contract.

The destruction remedy applies only to the copyright claim.  If the case goes to trial a jury could conceivably find Google liable for patent infringement but not copyright violation.  And even if it did, the district judge has discretion over what relief to grant.  Plus, the appeals process could hack back overbearing damages.

But as long as it is on the table, the availability of such a remedy is a very big stick.  Even if Google believes it should win the suit, betting on that outcome doesn’t make sense if it means risking having to destroy consumers’ phones or fighting a long and uncertain legal battle after the destruction provision is awarded, instead of paying conventional monetary damages.

Google has seen how a similar fight has played out for EchoStar.  EchoStar attempted to comply with the court order by sending DVR boxes an update that replaced the infringing technology with noninfringing parts, leaving intact the DVRs’ functionality.  The Federal Circuit said “no dice,” the remedy was disablement of the DVRs, and that alone would suffice.  EchoStar continues to refuse to disable its customers’ DVRs and has been held in contempt and fined $200 million.

The Federal Circuit has agreed to rehear EchoStar’s case en banc.  And in the interim, the U.S. Patent and Trademark office has invalidated the very patents TiVo claimed EchoStar infringed. (TiVo is appealing the ruling; until its appeal is exhausted, the patents remain in force.)  And the FTC has stepped in to give the circuit court some guidance, filing an amicus brief urging it to consider how specific sanctions will impact innovation across the technology industry.

The availability of destruction as a remedy smothers innovation.  If Oracle can’t strong-arm Google into settling but wins at trial and is awarded the destruction provision (and it survives appeal and Google eventually capitulates instead of balking and riding a series of contempt proceedings into a draconian post-litigation settlement or bankruptcy), (1) consumers would have their phones replaced with bricks and think twice before buying new tech again; (2) Android developers would see their platform and all their apps evaporate; and (3) in the future, companies would likely waste time reinventing the wheel to avoid Google’s court-ordered fate rather than developing new technologies.  There is a storm brewing, brought on by the rise of tethered appliances and the thicket of software patent regulation.

—By Jennifer Halbleib

That kind of mental-but-not-legal agreement can get away with being far more vague than a typical contract.  It’s amenable to what Cass Sunstein calls “incompletely theorized agreements.”  Cass’s work points out that parties who disagree on basic things — such as a would-be polity that wants to produce a constitution for the first time — risk coming away empty handed if they insist on their own views.  But they don’t want to compromise, either.  So what they do is strategically punt: they come up with texts that are intentionally vague, leaving it for another day to figure out what they mean in practice, so they can move on with a joint endeavor of some kind.  There are lots of vague statements of that sort in the proposal, some of which are drawn from another likely-intentionally vague set of FCC principles about the Net.  So, for example, under the proposal, carriers can’t engage in undue discrimination.  They can do reasonable network management.  There’s to be transparency, but not neutrality, for wireless at this time. These definitions would have to be much more fleshed out to understand what the agreement means, and lawyers use terms like these so that the parties’ different ideas of “undue,” “reasonable,” and “now” can be parked in peace under the same roof.

Here’s my own take so far — I figured it might be useful to share my own process in working this through rather than writing (yet) a firm advocacy piece for one view over another.

First, some of the differences in reaction to the proposal can be explained by what critics see as the alternatives.  For some, the important thing to weigh is the straight policy merit of the proposal as they see it, without regard to what is possible given the array of interests pushing for different outcomes.  Those idealists will find much to disagree with, since the proposal is so qualified, apparently representing horse-trading as much as some consistent set of principles at work.  For others, the proposal is weighed in the context of the status quo and where it’s likely to go.  That includes Google, which said in a blog entry today:

The FCC protections referenced by Google (and incorporated in part in the proposed framework) are the principles first articulated in 2005 as a Commission policy statement — oddly not easy to find online in a clean form, but quoted in lots of places (Formal reference: “In re Appropriate Framework for Broadband Access to the Internet Over Wireline Facilities,” 20 F.C.C.R. 14,986 (2005).)

Those principles were applied in an action by the FCC against Comcast, which had been quietly restricting peer-to-peer traffic to and from its subscribers.  Comcast was told it couldn’t do that in the awkwardly titled “In re Formal Complaint of Free Press and Public Knowledge Against Comcast Corp. for Secretly Degrading Peer-to-Peer Applications,” 23 F.C.C.R. 13,028 (2008) — you can read former Chairman Kevin Martin’s statement on the matter here.  By the time of the FCC’s resolution, Comcast had basically already stopped discriminating, which made the order merely demand transparency about its practices, with a threat of further consequences should Comcast start discriminating again.  Comcast appealed the FCC order to the federal courts.  In the meantime, the original FCC principles were reiterated and elaborated in a proposed formal rulemaking (an “NPRM”) that got going in the fall of 2009.  While that rulemaking was ongoing, the Comcast appeal of the 2008 order was heard and decided by the D.C. Circuit.

Comcast had three complaints: first, the FCC had acted beyond the authority Congress gave it in telling Comcast what to do (or disclose) about its network management practices; second, the FCC should have come up with its rules in a rulemaking rather than a simple order to Comcast after receiving a complaint; third, that the FCC’s order was so poorly reasoned as to deserve reversal by the appellate court.  In April 2010, the D.C. Circuit held that the FCC indeed had acted beyond its authority, and so didn’t move on to the second and third objections by Comcast.  That finding put the very rulemaking that Comcast had demanded, and that was by then in progress, in jeopardy — leading to the “no enforceable protections” status quo that Google says was an important reason for it to work with Verizon to get some commitment on net neutrality.

So, what does that commitment look like?  The proposal is aimed for Congress to adopt in part to clarify the FCC’s ability to regulate here, and it can be divided into two types of suggestions: one about the ground rules (limited by the vague language sampled above) to be observed by ISPs, and one that’s meta, i.e. about who should make and enforce whatever rules there are to be.

First, the ground rules.  The opening ones affirm concepts of net neutrality, with plenty of exceptions.  Under “Consumer Protections,” the document repeats the essence of some of the FCC’s original principles: an ISP (well, “broadband Internet access service provider”) cannot prevent its users from “sending and receiving lawful content,” “running lawful applications and … services,” and “connecting their choice of legal devices.”  That’s consumer-friendly, although some critics don’t like terms like “lawful” — is an ISP to say what’s legal and what’s not?

Next is a non-discrimination requirement:

In providing broadband Internet access service, a provider would be prohibited from engaging in undue discrimination against any lawful Internet content, application, or service in a manner that causes meaningful harm to competition or to users. Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard, but the presumption could be rebutted.

So, a commitment to net neutrality, at least against violations that cause “meaningful harm” to competition or to users.  (Would anyone care if a violation caused no harm, or meaningless harm?)  The kind of pay for priority arrangements that I discussed in an earlier blog/NYT short piece are generally not allowed — unless they are when the presumption against them is rebutted, using criteria or ideals not specified in the framework.  Discrimination for traffic management is to be OK — as it would be under the FCC’s proposed (but now frozen) rules.

Putting aside for the moment who gets to decide what counts as a fair reason to prioritize Internet traffic, or what amounts to “meaningful harm” — these are meta issues of enforcement — the other notable substantive provisions are for transparency, wireless and the intriguingly-labeled “additional online services.”

On transparency, providers would have to disclose their network management practices and “capabilities” — presumably better data about expected connection rates other than something like “UP TO FIFTY Mb/S!”  That’s a good feature.

The wireless section says:

Because of the unique technical and operational characteristics of wireless networks, and the competitive and still-developing nature of wireless broadband services, only the transparency principle would apply to wireless broadband at this time.

For many net neutrality advocates this is the most worrisome part of the framework.  The FCC’s original principles did not distinguish between wireless and wired networks, and its proposed rulemaking — again, stalled thanks to the Comcast decision — unlike the Google/Verizon framework, cut little slack to wireless providers on this score.  On the fact that the framework is less restrictive to wireless providers, Google says, in essence, “Don’t blame us; we’re not thrilled with it either, but sometimes you have to compromise.”  The way to give the least weight to this provision is to say: it’s only “at this time.”  There might be some change later if systemic problems arose on wireless.  And in the meantime the U.S. Congress’s GAO would keep an eye on things:

The U.S. Government Accountability Office would report to Congress annually on the continued development and robustness of wireless broadband Internet access services.

Of course, reports happen all the time — seeing a report’s warnings or recommendations find their way into federal law through further Congressional action is a steep hill to climb.  Some critics have said: who cares about network neutrality for regular broadband; wireless is the important part.

I’m not so sure.  If the framework had said the opposite — Verizon is OK with network neutrality for wireless but not for regular broadband — I can imagine many critics being just as upset, saying that wireless is still ancillary and that full broadband, with consumers’ wi-fi attached, is what really matters.  I guess they’d say that both matter.  I’m skeptical myself of rules that carve a difference between them — one point of the Internet is to be medium-agnostic — but I’m less inclined to find an evil plan lurking in the differentiation.  I can see that bandwidth management, at least, can be more crucial for wireless than wired at this stage in its development, and a Verizon might not feel comfortable having to justify any policies in those terms as an exception to a network neutrality rule.  I’m less confident that there’s robust competition in the wireless Internet space — there are still only a handful or providers, and switching among them is costly.

Finally, additional online services:

A provider that offers a broadband Internet access service complying with the above principles could offer any other additional or differentiated services. Such other services would have to be distinguishable in scope and purpose from broadband Internet access service, but could make use of or access Internet content, applications or services and could include traffic prioritization. The FCC would publish an annual report on the effect of these additional services, and immediately report if it finds at any time that these services threaten the meaningful availability of broadband Internet access services or have been devised or promoted in a manner designed to evade these consumer protections.

What’s an “additional or differentiated” service?  One way to understand is to realize that many common Internet broadband connections already piggyback on other, legacy connections.  The coaxial cable that comes into a house bearing decades’ worth of cable TV was partially repurposed by Comcast to offer Internet, too.

So one pipe offers two very different things, and the rules telling Comcast what it can and must allow over the cable TV part of the pipe are very different from the rules, if any, that might apply to the Internet part.  As I wrote in FOI:

Those with cable or satellite television have their TV experiences mediated through a set-top box provided or specified by the cable or satellite company. The box referees what standard and premium channels have been paid for, what pay-per-view content should be shown, and what other features are offered through the service.  The cable television experience is a walled garden. Should a cable or satellite company choose to offer a new feature in the lineup called the “Internet channel,” it could decide which Web sites to allow and which to prohibit. It could offer a channel that remains permanently tuned to one Web site, or a channel that could be steered among a preselected set of sites, or a channel that can be tuned to any Internet destination the subscriber enters so long as it is not on a blacklist maintained by the cable or satellite provider. Indeed, some video game consoles are configured for broader Internet access in this manner. Puzzlingly, parties to the network neutrality debate have yet to weigh in on this phenomenon.

So: when cable TV companies started adding Internet access to their offerings, the “product” was separate enough that the companies’ practices on one didn’t, and weren’t expected to, translate to the other.  From what I can tell, “additional or differentiated services” are the prospect that a company offering Internet access might try to bust into something like … cable TV.  Net neutrality, and the Google/Verizon framework’s own principles, wouldn’t allow an ISP to block Vimeo while allowing YouTube.  But if that ISP wanted to (re)invent a product called “Cable TV,” and use broadband to deliver the bits, it could block AMC while allowing HBO.  Other such products might be “telephone,” “radio,” and “movies on demand.”  Each of these has Internet instantiations now — think Skype, Pandora, and Netflix online — but a Verizon or Comcast might someday want to offer a standalone product, exclusively, with any competitors available only through the Internet half of the ISP’s connection.  Another analogy that might help: iPhone applications vs. its Safari browser.  Steve Jobs gets to say what apps are permitted to appear on the iPhone, and can cut nearly any deal he wants to, say, ban or allow Skype or an email app (say, from Google) that could compete with the iPhone’s own Apple Mail app.  But any of these rejected apps, if they can figure out how to establish themselves simply on the Web, could still be accessed by iPhone users who run the Safari Web browser and then visit the site for the app.

On the iPhone this might feel a bit like being relegated to Siberia for an app developer: it’s hard to have people type in a URL every time they want to run the app, compared to just clicking on a single icon.  But presumably this wouldn’t be as much of a burden in the “additional services” world that Google and Verizon are referring to.  There, the Internet is the main attraction, or at least one distinct from any standalone applications that an ISP tries to deploy over the very same bandwidth.  Cable TV in my living room is just apples to the orange of Internet access on a PC or tablet elsewhere in the house.  Still, some critics fear futures where the tail could wag the dog — futures very much like the present situation on an iPhone.

OK, on to the procedural stuff.  When the FCC cried foul on Comcast’s throttling of peer-to-peer activity, one of Comcast’s objections was that it was acting case-by-case, rather than setting up a formal rule through lengthy rulemaking procedures that involve public participation.  The Google/Verizon proposal calls for eliminating rulemaking full stop, keeping the FCC to case-by-case adjudications of rules laid down by Congress — presumably rules based on the substantive principles reviewed above.  Some critics cheer that proposal, eager to see the FCC’s intervention in Internet affairs limited to, say, network neutrality regulation, rather than, say, content control.  EFF calls it a “promising new approach.”

I’m not so sure.  As almost anyone to this debate would agree, network neutrality is complicated, and the gap between what Congress lays out and what ISPs and others are actually bound to do and not do can be large.  The framework seems to suggest filling that gap with private rules:

Disintegrating Droids. The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola points out that triggering eFuse doesn’t permanently disable the phone — it can re-boot once approved software is reinstalled. Much better.

Neighborhood watch for software vulnerabilities. At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of mutual aid to website owners as well.

Researcher remotely hacks ATMs. Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.

Apple rejects iPad magazine subscription app. Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn’t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.

The core question is this: when Internet Service Providers turn out to have captive audiences of subscribers — either because their customers have few if any alternatives for broadband, or because switching is complicated and cumbersome, or because ISP practices are obscure and thus hard for customers to adapt to — how far should they be allowed to leverage that captivity?

That question arises in the midst of a very confused economy for the movement of bits over the Internet.  With telephones the baseline rule was simple: sender pays.  On the Internet, it’s more complicated: both sender and receiver pay their respective Internet Service Providers to move their data traffic.  Now, suppose these are large ISPs who are considering connecting to each other directly.  The ISP who hosts a sender of traffic like YouTube might say to the ISP with lots of individual users who watch YouTube videos: “We seem to have a lot of stuff that your users want, and they’re paying you to get it to them.  What will you pay us to pass this stuff efficiently over to you?”  The ISP with the individual users might reply with a different point of view: “You’ve got a lot of stuff you want to send to our users, and your corporate customer is making money through advertising or subscription fees when our users access it. What will you and your corporate subscriber pay us to be able to reach our captive audience?”  It’s an odd puzzle: both sides benefit from the transaction, so who should pay for it, given that there’s no baseline rule like “sender pays”?

In the past this dilemma between large ISPs has been resolved through peering arrangements that have amounted to simple handshakes: I’ll carry your traffic aimed at my subscribers if you carry mine aimed for yours, and we’ll call it even.  Today those deals are more complicated, and their details are typically trade secrets.  But we know this much: Verizon, like other broadband providers, already says to its customers: pay us more and we’ll give you faster Internet access.  That’s not controversial.  So should Verizon also be able to make a similar offer in the other direction, to faraway upstream content providers?  Verizon could say to Google: regardless of what you pay your own ISP to get your bits launched on the Internet, pay us more and we’ll make sure your YouTube videos get to our subscribers all the more quickly as they come in for a landing.

Google might well be able to pay — and then leave poorer content providers behind.  The next two guys who want to start, say, ShmouTube won’t be able to do it if they’ve got to negotiate business development deals with one ISP after another in order to reach those ISPs’ subscribers.  And that’s the real danger: when each ISP can, in effect, speak on behalf of its unwitting subscribers, serving as the troll under the bridge offering up different conditions for access to them, the economics of the Net will start to favor the consolidated, the well-connected, the well-heeled.  Verizon and Google each have reason to take the trouble to negotiate with one another to begin with — they’ve both big, and each can offer uniquely desirable benefits to the other.  The generative power of the Internet is that it has offered a perch for anyone who wants to plant a flag in the ground.  Set up www.mynewamazingwebsite.com, and people the world over can beat a path to it or not as they please.  That represented a huge change from the proprietary consumer networks of the 1980s and 90s, where AOL or CompuServe got to say who could have a presence within their gated communities.

It may turn out to be too simple to have a blanket rule against ISPs charging faraway providers for access.  There are even some outcomes that make that desirable for consumers — imagine if Internet access were free, with ISPs beating down your door to provide you with broadband, because if you choose them then they’ll get paid by Google et al. for the privilege of sending bits (and ads) to you.  That’s a dubious outcome for a number of reasons, but it’s theoretically possible.  But much more dangerous is if ISPs get to pick and choose: one deal for Google, another for the New York Times, a third for eBay, and no deal at all for mynewamazingwebsite.  In a medium in which so many of the giants were yesterday’s scrappy upstarts — eBay, Google, even the Web itself — it would be a travesty to freeze out the next round of innovation from odd corners by deploying an impenetrable web of contracts and fees.  That’s what I take to be at the core of Chairman Genachowski’s comment that “Any outcome, any deal that doesn’t preserve the freedom and openness of the Internet for consumers and entrepreneurs will be unacceptable.”

Update: More thoughts here.

I’m having similar difficulty understanding Research In Motion’s statement in response to the news cascade following threats by the UAE and other countries to terminate its license to sell Blackberrys unless it’s more cooperative with government requests for surveillance.

Part of the confusion arises from the fact that we’re only seeing a small slice of a government-to-company negotiation — the public threat part — so exactly what’s being asked hasn’t been disclosed, and neither the government nor RIM have much incentive to say more.  And it’s hard to infer what’s on the table since the Blackberry is a Swiss army knife-style digital appliance — it makes phone calls, supports instant messaging, texts, and email — in communication both with other Internet users (including those without Blackberrys) and within a corporate environment.  When trying to figure out what RIM could share if it wanted (or were pressured) to, it helps to consider each service and environment separately.

So how does RIM’s public statement fit in?  Here’s the intro:

Due to recent media reports, Research In Motion (RIM) recognizes that some customers are curious about the discussions that occur between RIM and certain governments regarding the use of encryption in BlackBerry products. RIM also understands that the confidential nature of these discussions has consequently given rise to speculation and misinterpretation.

RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers. While RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments.

Strong but vague so far — there’s a compromise to be struck, and RIM hopes to make the right one, bearing in mind the needs and interests of both its customers and its regulators.  It’s how the statement continues that’s puzzling, and to understand requires going from forest to trees for a bit:

Many public facts about the BlackBerry Enterprise Server security architecture have been well established over the years and remain unchanged. A recap of these facts, along with other general industry facts, should help our customers maintain confidence about the security of their information. …

• The BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data. …

• The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.

At last some specifics.  But they appear extremely selective.  The first bullet point above talks about the encryption of data between a handheld Blackberry and the server operated by RIM — a way station until the data finds its ultimate recipient.  (People intend to email each other, not RIM; the RIM server is just a way to route data from one person to another.)  So the first bullet point offers the assurance that the data can’t readily be accessed between the Blackberry user and the RIM way station.  Fair enough — such encryption is routine.  For example, those who use gmail in “secure” mode — these days it defaults to that — enjoy a similar protection.  No stethoscope gathering radio waves in between can easily decipher what’s going on.

OK, on to the next quoted bullet point, which suggests that once the data is in repose at the way station, even then RIM couldn’t access it.  But here there’s a qualifier: it’s the Blackberry “security architecture for enterprise customers.”  Enterprise customers is a term of art that means customers brought en masse under the umbrella of a corporate enterprise.  If Consolidated Widgets had previously had all its internal correspondence routed through a server in its own basement and wanted to farm that out, RIM could offer an “enterprise solution” where Consolidated Widgets would become its customer, and all of Widgets’s employees could be issued Blackberrys and corresponding email accounts.  In that case, promises RIM, email sitting on RIM’s server would still be inaccessible to RIM.  It’d be private between one sender and one recipient.

Why limit this feature to enterprise customers?  In part because encryption standards haven’t been widely enough deployed to support ready encryption between users without regard to the devices and platforms they’re using.  For me to send you an encrypted email that not even our respective email providers can access requires us to coordinate ahead of time on a standard.  For example, you might establish a key using the Philip Zimmerman’s legendary PGP (“pretty good privacy”) standard, and I could then use it to send you an email that only you can read.  But if you haven’t gone to that trouble, I’m stumped.

That’s not RIM’s fault, but it might make misleading a statement intended to address the overall surveillance controversy — a statement that on a quick read suggests that Blackberry email users enjoy utter secrecy, when in fact it’s necessarily only talking about “enterprise” users who are emailing each other under a single corporate umbrella.  With that understood, the last line of the RIM statement offers much less assurance than it might seem to the average Blackberry user:

RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.

If the BlackBerry Enterprise Solution is but a subset of what we think of when we think about Blackberrys — namely, intra-corporate stuff — then the fact that it’s assured it both little threat to a government like UAE, which is no doubt concerned about communications and organizing among citizens outside a single corporate environment, and little solace to those very citizens.  And that’s why our questions to RIM should stick to apples in cheeks rather than changing the subject to balls in hands: what assurances can be made about cooperation with government surveillance requests outside corporate intranets?  The assurances need not be without exception to be reasonable — but the parameters of whatever accommodation is reached should be made public.

I welcome correction if I’m misunderstanding RIM’s attempt to dispel misunderstandings.  …JZ

UPDATE 8/5/10: Bruce Schneier has written on the topic here.

There are two differences that jump out between this awe-inspiring alphabetical listing of all Facebook users and a dog-eared telephone directory.  First, Facebook’s directory has a staggering 171 million names in it.  Second, in good news for paper prices everywhere given the first difference, the directory is digital — it’s right there, online.  And if it’s online, it’s scrapable.  Ron, being of the inquisitive engineering sort who can’t help but push a button if he sees one, figured that supply creates demand, and went ahead and scraped the directory.

That means he produced a file on his own hard drive containing more or less the directory’s main contents: for each person listed, a name, the person’s Facebook URL (what one types in to go directly to his or her entry), and unique Facebook ID (not a secret; this is part of a person’s Facebook url).  The resulting file is only a few gigs — amazing how cheap storage has become that so much can be roughly the side of an episode of House.  Ron then placed it online as a torrent — which means anyone can download the file, and voila, a snapshot of Facebook’s membership as of July 2010.

So, is this a problem?  As I’m writing, news is only just breaking, so it’s like that moment when a toddler trips, falls, and then has to think about whether to cry or not.  “You’re OK!” is usually what the alert parent encouragingly says — and if the toddler buys it, it’s usually true.  In fact, even if the toddler doesn’t buy it, it’s still usually true.  In this case, I think I’m with the metaphorical parent.  The data that Ron grabbed is precisely what Facebook users have chosen (or perhaps more accurately, passively acquiesced) to share.  For those who lock their privacy settings to avoid having a public listing in a Facebook search, they’re not present here.  For those who have, they are — along with a click through to their respective Facebook pages however they’ve chosen to share them.

Ron appears a little disquieted by it because of the prospect that the snapshot can live forever more.  If you remove your Facebook account or up your privacy settings, that will be reflected in real time in the Facebook directory and search (or at least it should be!).  But the torrent file exists forever — so one’s privacy choices are locked into that moment.  This is an artifact of having a service — Facebook — converted into a product — a Facebook database — the way that universities used to not just maintain online directories, but also publish bound volumes of their alumni with addresses, for those who opted in.  (In fact, many universities still do this; someone should tell them about saving the trees.)

There’s some privacy hit there, but there are also benefits.  By making a public directory — and a scrapable one, no less — Facebook gets more inbound links and attention as its members become easier to find.  And we benefit by having Facebook’s subscribers’ public pages indexed by the likes of Google and Yahoo! search.  In fact, when searching on a person’s name in a regular search engine, quite commonly a Facebook entry is one of the top hits.  That seems to me a good thing, and once Google, Yahoo!, and Bing have it, why shouldn’t Ron and anyone else who wants it have it too?  Indeed, Ron already did some cool stuff with the data.  For example, he crunched it all and came up with a list of Facebook’s most commonly used first and last names, discovering “Michael” and “Smith” coming in at number 1 for each.  Congratulations, Michael Smith, you are hidden in plain sight, since a search for you turns up so many others at the same time!  (Not so much with “Jonathan Zittrain”…)

Anyway, that’s generativity at work: Facebook makes available a directory on free and open terms, and people do stuff with it, some of which can surprise us.  There could be bad surprises, too — Ron and others hint at undesirable data mining — but I’m glad that the gates of Facebook’s gated community have some slats in them, rather than being a solid wall.  At most, it seems to highlight the desirability of getting the defaults right: Facebook shouldn’t have people automatically publicly sharing stuff they’d not normally share, without clear markers on what’s about to happen.  As Google would say, “Please read this carefully.   It’s not the usual yada yada.”

Indeed.  There have been so many Facebook privacy mini-scandals that we’re primed for the next, and the involvement of a torrent file adds an element of seeming subversiveness to the mix, given the association of p2p with contraband material.  But sometimes when the boy cries wolf it’s just a shadow.  I count 8 Yadas in the Facebook directory.  And I, along with my cool musician brother Jeff Zittrain, fall in between Aron Zittra and Austin Zittrauer.  Until now, who knew?  Interesting — but not pitchfork worthy.  …JZ

Google has taken a different tack with Android: they’ve largely surrendered the power to pre-approve apps, because Android users can always download apps from third-party sources. But they too have a kill switch, and according to the Android developers’ blog post, they decided to use it a few weeks ago. (It’s not totally clear from the blog post, but it sounds like they’ve also used it before on clearly malicious apps.) An app that claimed to offer Twilight photos turned out to be a demonstration, done by researchers, of how easy it would be to create an app that would turn phones into a botnet. The app didn’t actually create the botnet (and it didn’t show Twilight photos, either, so most disappointed downloaders deleted it), and the researchers presented their work at the conference. Nonetheless, after they heard about it, the Android team decided to remotely delete remaining copies of the app as part of a “cleanup” process. Affected users received notifications.

I can see why they wanted to do that. A report documenting Android vulnerabilities was recently released, and it’s caused some hand-wringing over Android’s security. There’s also no sense in leaving a loaded weapon laying around. And I’m glad they told both customers and everyone else that they’d deleted the apps. Still, I do worry about the removal of an app that isn’t actually harming any machines. More generally, I think that if Android is going to stick to the plan to not pre-screen apps and have an open system, they and we are going to have to think seriously — more seriously than Apple has had to — about the ethics of the kill switch. Questions like whether there should there ever be an opt-out, whether users should get refunds, and whether it should be used in cases other than damaging viruses are all still wide open.

And a few quick links:

Leaked MS Presentation Shows App Store Plans For Windows 8. Why all this thinking about app stores and kill switches matters: there are already plans to transfer the app store model from phones to PCs, where the arguments about the virtues and harms of contingent generativity have even more salience.

Google’s mismanagement of the Android Market. Jon Lech Johansen thinks the lack of pre-screening is hurting Google and Android.

Did Apple Flip the iOS Kill Switch on NDrive? Wait, has Apple already used the kill switch?

New zombie code in effect by December. Here’s a totally different option for improving security: let users keep open PCs, but if they become infected, have their ISPs quarantine them or reduce their internet speed to a crawl. That way, users will have to get their computers fixed and can’t keep infecting others. Internet Industry Association CEO Peter Coroneos said of the plan: “I’m sure there are people around that resent having to put new tyres on their car when they’re unroadworthy, or have their breaks done . . . But the reality is that we have argued that internet users have a responsibility not only to themselves, but also to other users on the internet.” The code will be made available to Australian ISPs soon.

One Brown Package: From Seattle to Norway. Why we love the internet in the first place: unexpected avenues for fun, creativity and kindness (here, in the form of people working to get a package from Seattle to Norway). They claim inspiration from JZ’s TED talk on the web on random acts of kindness.  The package is currently reported as missing.

—By Elisabeth Oppenheimer

Facial recognition and next generation privacy. David Thompson gives an update on the progress of facial recognition software and its implications for privacy 2.0.  In addition to describing the revolution in surveillance capabilities that occurs when a person can be identified on any security camera feed or in any of the more than three billion photos on Flickr, he notes that Face.com released an API last month, allowing developers free access to its facial recognition technology and the green light to adapt it for new uses.  Here’s hoping the appropriate norms evolve in tandem.

Defamation liability: please fwd. A bankruptcy court in Texas has ruled that forwarding an email link can be considered defamation.  The defendant in the case didn’t send a copy of the actual content, just a link to a website.  Neither had he written any of the defamatory content on the website.  It’s unlikely that the ruling will survive an appeal, since forwarding a link probably doesn’t amount to the required element of “publication” under a traditional interpretation of defamation law.  Still, it’s something to think about the next time there’s a link to a juicy tabloid story in your inbox.

Shifting foundations of the App Store. Apple continues to indulge its discretion when it comes to approving iOS apps.  This time it pulled an app for being “widget-like,” despite approving three previous versions.  The frustrated developer asks “How can a company be prepared to invest into a platform that can change at any time?“

It Gets Worse: Apple Censors a Gay Kiss in Oscar Wilde Comic. In another Apple censorship story, the company appeared to block out a kiss in a comic book because two men were doing the kissing. To be fair, it’s not entirely clear to me from the pictures in the article whether the same-sex kiss was the cause of the blackout, but the author claims that similar opposite-sex scenes have gone unchanged in other comic books. As he says, “the more examples I see of Apple’s capricious censoring, the less funny it is.”

Steve Jobs at D8: Post-PC era is nigh. In the introduction of the book, JZ predicted that Steve Jobs, having launched the PC era, was about to usher it out. Now, Jobs says the same thing. According to him, “PCs are going to be like trucks … they are still going to be around,” but “one out of x people will need them.”

TiVo’s ‘Big Win’ Over Dish On Patents Looking Less And Less Solid, As Patent Office Rejects Patent Claims. Update in the TiVo-EchoStar battle: we may never find out if EchoStar will actually have to remotely kill already-purchased DVRs, because the Federal Circuit is rehearing the original patent claims en banc.

—By Jennifer Halbleib and Elisabeth Oppenheimer

The issue is larger than one firm’s unfortunate misstep.  It echoes across the entire Internet.  Call it the Fort Knox problem.

Fort Knox represents the ideal of security through centralization: gunships, tanks, and 30,000 soldiers surround a vault containing over $700 billion in American government gold.  It’s not a crazy idea for a nation’s bullion; after all, the sole goal is to convincingly hoard it.  But Fort Knox is an awful model for Internet security.

Our IT environment has traditionally been immune from many Fort Knox issues, because its architecture has encouraged decentralization.  One PC might be compromised, or Web site might fall, but others stand.  Bad guys on one side of the spectrum, and well-intentioned regulators on the other, each had to sweat to have an impact on Internet activities.

But the bad guys were clever and industrious.  Their digital robots came to costlessly crawl the Web looking for computers and sites to compromise, leveraging their reach.  Operators of well-financed Web sites have dealt with rising anxieties about security by spending enormous amounts of money on digital bunkers and backups for their data, while littler ones have hunkered down and simply hoped they wouldn’t be hit.

The public sector has been confused about how to help.  Governments know how to maintain and defend their roads and waterways, but have been stymied in cyberspace: so much of it is rightly privatized that there’s no obvious place to station a guard and no way to fill a digital pothole.  Worse, since identifying those behind intentional attacks online is exquisitely difficult, the traditional state tools of deterrence and punishment are ineffective.

That’s why we now see centralization under a few major corporate umbrellas under which disparate activities can be gathered.  The lures of security, interoperability and economies of scale have propelled much of the Web from a vibrant ecosystem of different, and differently managed, PCs and sites to one where a handful of private Fort Knoxes take responsibility for security.

But we can’t simply put our precious data into a single well-protected vault and peek in every few years.  We need to guard our PCs and data, but we also need them to be part of a worldwide network.  When we’re not masking our digital trail, we’re eagerly sharing it.  If we try to centralize its protection, it’s not a one-time transaction: rather, we need a constant gatekeeper who signs our data in and out every time we want to make use of it.  That’s a thread that runs from the McAfee debacle, where millions of people and firms turned the keys to their computers over to a third party to handle, through to cloud-based platforms like Facebook, where the company’s assent is increasingly needed to run unrelated applications on its platform or to log in to unaffiliated Web sites that no longer care to maintain their own digital borders.

If McAfee makes a mistake, many people pay at once.  If Facebook’s computers go down or are compromised, thousands of otherwise-independent applications and sites suddenly go down with it.  It’s not just our own data and transactions at risk, but our collective memory: the flip side of a centralized defense against bad guys is vulnerability to well-meaning good guys.  For example, if the generally laudable Google Books project is a spectacular success, we’ll see libraries give up their moldering, isolated archives of regular books in exchange for PC terminals where patrons can peer at an ephemeral digital copy drawn from Google’s central archive.  It makes sense – and no doubt Google has near-impregnable backups – but it’s also an opportunity for a government to intervene in worrisome ways.

For example, if one book in the system contains copyright infringing, or defamatory, or obscene material, those aggrieved can get a court order requiring the infringing pages of the book to be deleted from the central server.  This vulnerability affects every book that is distributed and maintained through a centralized platform.  Anyone who does not own a physical copy of the book – and a means to search it to verify its integrity – will now lack access to that material.  By centralizing (and to be sure, making more efficient) the storage of content, we are building a world in which, as a practical matter, all copies of once-censored books like Candide, The Call of the Wild, and Ulysses could have been permanently destroyed at the time of the censoring, and could not be studied or enjoyed even after subsequent decision-makers lifted the ban.

So what do we do?  We have two things going for us that the real Fort Knox doesn’t: we can make copies of our digital gold, and there are lots of us, each with our own stake in security and autonomy.

First, so long as there aren’t undue barriers to extracting our own data from cloud platforms or our own PCs, backups can become more seamless, and made in a variety of ways, making a McAfee misstep or anything like it less costly.  Then we have our cake and eat it too.  The same principle applies to projects like Google Books, where participating libraries can arrange to securely maintain their own gold copies of Google’s precious trove – kept to compare against others’ copies, so omissions and changes can be detected and appropriately challenged, not leaving Google with the sole burden of holding off government speech regulation.

Second, we need to reinvigorate the Internet’s principle of open, distributed architecture that has sparked so much growth and innovation.  Our choices for security aren’t simply among government soldiers, corporate mercenaries, or our own personal barricades – though each has a valuable role to play.  Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity.  With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.  Security shouldn’t have to be purchased like a personal bodyguard.  Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.

A version of this appeared in the Financial Times on June 3rd, 2010.