The Personal Computer Is Dead

Power is fast shifting from end users and software developers to operating system vendors.

By Jonathan Zittrain

Google wrestles with the generative trade-off. Security experts have found another set of malicious apps in the Android Market and discovered that Google Docs regularly hosts phishing sites.

Falun Gong sues Cisco for facilitating official Chinese repression. Members of Falun Gong have sued tech giant Cisco in a U.S. court, alleging that the company customized its technology to meet government tracking and censorship needs and helped design China’s Golden Shield, the country’s infamous online censorship and surveillance firewall. The group also claims that Cisco marketed its technology as a tool to target government dissidents.

Hargreaves Review published. The review evaluates the fitness of the UK’s intellectual property regime for an internet age. It finds that IP laws put in place several hundred years ago are now stifling modern innovation and goes on to make ten specific recommendations for IP law reform to correct the problem. These recommendations include approaches to clearing patent thickets; dealing with orphan works; and transitioning to evidence-based, rather than lobby-based, IP policy; as well as rejection of a US-like fair use limitation.

Facebook users benefit from a Web of Trust. Clicking a link on your Facebook page that the crowdsourced Web of Trust service has identified as spammy or malicious will now bring up a warning that you may want to avoid the suspect site (and also check out Wikipedia entries on malware and phishing).

iFlowReader closes. Independent iOS e-book retailer iFlowReader shut down at the end of May. According to the company, Apple’s new e-book seller rules made it impossible to turn a profit. (The rules require sellers to give Apple a 30% cut of sales while at the same time limiting the seller to only a 30% commission, so the seller gets the commission from the publisher but then owes it all to Apple.) Company execs expressed frustration that, in their view, Apple maintained complete control over its platform and felt free to change the rules on developers, even after they, relying on the old rules, had been induced to make significant investments.

TiVo and EchoStar settle. The case involving a judicial order to EchoStar to send a remote signal disabling its customers’ DVRs ended in a whimper last month when the parties settled after the Federal Circuit held that EchoStar had waived its arguments that the disablement provision was vague and overbroad. EchoStar had asserted that it legally should not have been forced to disable the DVR boxes because it implemented a design-around instead so that the boxes no longer infringed TiVo’s patents. But the court didn’t reach the merits of this argument, since it held that the time to raise such issues was before the district court found EchoStar in contempt. So while we know that the Federal Circuit doesn’t have a problem with trial courts issuing a disablement provision to remedy patent infringement, we still don’t know whether the infringing party could avoid disabling its users’ products by pushing an update that replaced the infringing technology with a non-infringing alternative.

—Jennifer Halbleib

The U.S. government uses a PC control switch? The U.S. federal government obtained a temporary restraining order in April that allowed it to send to private computers unwittingly part of a massive criminal botnet a command that disabled the malware. In the past, the government has cut off or seized the command-and-control servers and computers that run a botnet, but here – without notice, because federal agents were still trying to collect the IP addresses of infected computers – the government issued a command to personal computers owned by innocent targets of the Coreflood botnet. Arguably, since Coreflood steals private data and loots victims’ bank accounts instead of just generating huge amounts of spam, the government had sufficient justification to order citizens’ (and non-citizens?) computers to kill the program. But in addition to concern that the command itself might unintentionally damage some private machines, such a path may be quite slippery. After all, prevention may be cheaper than disease; why shouldn’t the government push security software to all personal computers? And why shouldn’t it monitor citizens’ online activity to make sure they aren’t downloading programs from malicious sites? Nonetheless, how different is the command in this case from required residential building and health standards or mandatory vaccinations for schoolchildren? The government regulates personal safety in the real world when it implicates the broader public good, why shouldn’t it do the same online? And in the end, an individual can avoid running the command on his computer (and dodge the botnet risk, too) by simply disconnecting from the Internet.  Of course, that makes the computer slightly less useful.  The phenomenon is reminiscent of this Wired account from 2003, though note the reporter’s credibility appears to be in question.  (!)

Google’s questionable Grooveshark takedown. Last week, the Electronic Freedom Foundation criticized Google for removing the popular music service Grooveshark’s app from the Android Market. Google has said that it was responding to an RIAA complaint but has not explained the basis of that complaint. The company did not require notice before the takedown as provided for by the Digital Millennium Copyright Act. If the complaint was grounded in copyright, EFF noted that Google’s actions departed from its longstanding position of requiring such valid notice before takedown. Because the move coincided with Google’s testimony before the Senate Judiciary Committee, EFF speculated that it was designed to mollify any Congressional skepticism that Google was not committed to copyright enforcement.  Note that apps can still be added to a phone without having to go through the Android Market.

More consumers demanding iPads in place of laptop PCs. Last quarter, Apple’s profits exceeded Microsoft’s for the first time since 1991. Overall PC sales declined 2%, consumer PCs dropped 8%, and netbooks –  the inexpensive and mobile generative PCs most similar tablets like the tethered iPad – fell 40%.

Translating iOS to WP7. Meanwhile, Microsoft is contesting Apple’s dominance of the tethered device market. Microsoft now offers a tool that helps developers convert their iOS apps to Windows Phone 7 apps. It maps the WP7 application programming interface – the set of definitions and rules an app uses to communicate with the phone’s operating system – onto the iOS API, making it easier for developers to port their apps to WP7, giving Windows Phone 7 users access to more apps, and allowing Microsoft to compete with Apple in app marketplace size and range sooner.

And a related discussion of generative PCs and tethered devices including thoughts on JZ’s thesis in the book, as well as a take on his concerns about crowdsourced work.

—Jennifer Halbleib

Then in September the FCC announced that its open Internet proceeding was continuing, and yesterday the commission’s agenda for the December meeting suggests a vote in short order.

While the proposed rules are not yet publicly available, reports drawing from the chairman’s speech yesterday and other talk in DC have something modeled on Congressman Henry Waxman’s draft legislative proposal.  The central plank is that broadband Internet service providers — at least non-wireless ones — must let their subscribers get where they want to go on the Internet.  An ISP can’t decide, say, that you’re not to be allowed to get to facebook.com or that your service package doesn’t permit streaming video or Internet telephony, each of which could conceivably compete with other services offered by the ISP, such as regular cable television or phone service.

It’s good to have that off the table — it would be awful if ISP’s started to do such things, and the prospect isn’t as far-fetched as it might seem.  An ISP might want to charge Facebook or Vimeo or some other content source for the privilege of reaching the ISP’s subscribers, and the most direct way to do that is to threaten to halt the movement of bits from that source until a deal is reached.  (This might look something like the recurring fights between the likes of Cablevision and Fox over showing the World Series, though in that case it was the content provider holding out for payment from the cable company.  The risk that eager fans might not get to see baseball resulted in calls for FCC and Congressional intervention.)

With a net neutrality rule in place, if a Web site’s bits can’t be stopped in the middle just on the basis of where they came from, the ISP can’t threaten to come between the site and its users.  The market alone may not be able to deal with this in the absence of a net neutrality rule, both because there isn’t much competition for broadband at a given location and because it’s good for people to have assurances ahead of time that sites they are beginning a relationship with — as they put photos on Flickr or stow mail on Gmail — won’t suddenly be pulled out from under them, held ransom to extra payments either from the sites or from them.

The telcos and other ISPs seem reconciled to this prospect, at least for wired networks.  Now’s the time to lock that in, when such holdups are not central to their business models — not by source, at least — and even application blocking has not historically been a core goal.  (To be sure, five years ago at least one U.S. ISP appeared to be blocking an Internet telephony service, and it’s happened elsewhere on a larger scale around the world.)

The FCC rules are said to exempt wireless from this mandate, instead simply requiring transparency about what’s being blocked.  [Update: A look at the FCC chairman's speech suggests there may be more than a transparency requirement for wireless; it mentions a "basic no blocking rule" there too.  That would track the Waxman bill at p. 4 lines 1-7.] My reaction now is the same as it was when that division between wired and wireless was proposed as part of the Google/Verizon “framework” the two companies released in August.  Basically:

Some critics have said: who cares about network neutrality for regular broadband; wireless is the important part.

I’m not so sure.  If the framework had said the opposite — Verizon is OK with network neutrality for wireless but not for regular broadband — I can imagine many critics being just as upset, saying that wireless is still ancillary and that full broadband, with consumers’ wi-fi attached, is what really matters.  I guess they’d say that both matter.  I’m skeptical myself of rules that carve a difference between them — one point of the Internet is to be medium-agnostic — but I’m less inclined to find an evil plan lurking in the differentiation.  I can see that bandwidth management, at least, can be more crucial for wireless than wired at this stage in its development, and a Verizon might not feel comfortable having to justify any policies in those terms as an exception to a network neutrality rule.  I’m less confident that there’s robust competition in the wireless Internet space — there are still only a handful or providers, and switching among them is costly.

If a basic net neutrality mandate can be established for broadband — not only formally mandated by law (which includes FCC edict), but accepted as doable by the ISP’s — that’s good progress, and a metric against which the wireless ISPs will always be measured.  Any protestations that they have to discriminate for the network’s sake — or for the sake of a business model — will be increasingly belied by their wired counterparts’ experiences under no-longer-controversial net neutrality rules. [And if the rule for wireless goes beyond the weak tea of Google/Verizon -- no-blocking as well as transparency -- that much the better.]

Another exception built in is for reasonable network management.  Some critics have described this as a hole large enough to drive a truck through.  But there has to be some kind of exception.  The most obvious example is if a denial-of-service attack is in progress; there an ISP may refuse to carry bits precisely because of the content or purpose of the communication, discriminating by source, and no one would find that unacceptable.  Should “reasonable” be stretched too far that could lead to trouble — but the alternative is to try to write down a more detailed set of technical requirements that might become stale very quickly.  (I’m also no fan of Internet privacy legislation that makes specific reference, say, to “cookies.”)  This is exactly what a commission is for: to lay down principles, to stand by them, and then to adjudicate complaints under them with the benefit of transparency about what’s going on.  The ongoing Level 3/Comcast dispute is a great example of the utter rabbit hole of complexity — coupled with obscurity — surrounding some disputes over the movement of bits.  There’s no easy rule I can think of to anticipate it, much less resolve it, today.  (And on that example, I hope to be part of a Berkman Center podcast next week exploring the topic as a way of thinking through just how unusual and not-fully-realized the economics of Internet connectivity are.)

Finally there is the question — abstruse to anyone who isn’t a student of US telecom law — of whether the FCC should proceed under its “Title I” or “Title II” authority here.  You can read some of the details in a guest post by Kevin Werbach at the FCC blog here.  Essentially Title I is the weaker brew — so-called “ancillary authority” — and the FCC’s use of it to advance the first round of net neutrality rules is what got it into trouble in the federal court ruling mentioned at the beginning of this post.  Title II is stronger medicine, representing a claim to be able to more comprehensively regulate in the area, and ISPs have long rued the prospect of a reclassification of Internet services to Title II.  I think whatever works … works.  If this can happen with Title I, despite the D.C. Circuit ruling, great.  If not — Title II remains a possibility.  (Congressional action could clear all this up, of course, but it seems remote that Congress would wade into this once it reconvenes politically divided between House and Senate.)

I’ll read the proposed rules with interest when they’re released.  In the meantime, the Chairman’s speech shows the FCC knows what’s at stake and is moving within a field of complex interests and claims to assure an Internet that’s not cantonized, and that is open to new applications and content coming from anywhere, not just incumbents.

As part of a panel on net neutrality yesterday at Yale Law School with Susan Crawford, Dawn Nunziato, and Nick Bramble, I’ve drafted some general thoughts on why net neutrality matters.  That should be up on a Yale site next week — I’ll link to it or include a copy here once the essays are released.

Zak Tanjeloff, chief executive of the app’s creator, DLP Mobile, said in a news release: “This app is certainly controversial, but can be helpful to people in relationships where this type of monitoring can be useful.”

Controversial, indeed; I think it’s awful and here I am spreading the word about it.

It was up in the Android app store until the NYT inquiry got it taken down.  The company behind it didn’t bother with a counterpart for the iPhone:

Mr. Tanjeloff said in a phone interview that his company had decided to build the SMS application for the Android platform because it would not need to be reviewed before it reached users.

“We can’t build it for the iPhone because it wouldn’t make it past the App Store approval process,” Mr. Tanjeloff said.

Here, then, a certain generative trade-off, one I’ve described more with viruses and trojans from afar than a fellow phone-user’s malice.  With the iPhone, apps like these just aren’t available — at least without the stalker having to jailbreak the targeted iPhone first.  On the more generative Android, it’s simply easier for bad stuff to brazenly find its way onto the platform since Google isn’t as obsessed with curating the selection of software for the phone.  And with Android, the official apps market isn’t the only source for software — so the banning of SMS Replicator there doesn’t exclude it from the phone; the enterprising stalker can install it from elsewhere.

Such software has been available for a long time on PCs, and few if any would say that its existence would be reason to upend the generative PC environment.  But the competition between Android and iPhone highlights that generativity really does come with some costs.  Should there be a well engineered Android worm that hops from phone to phone — either directly or by going through the SMS or email addressbook of each victim and recommending installation to the next — those costs will be even more drawn into focus, and the temptation may arise quickly to update Android not to be so open — or to exercise a kill switch targeting a particular piece of code.

It suggests the need, at least, for some easy-to-use auditing software for generative (or partially generative) platforms, Android, iPhone, and PC alike, so users can have a sense of what’s going on inside the device — and what data is going in and out.

To be sure, the generative dilemma trading off openness and security interests me because it runs so deep.  More superficial security problems can happen even on more locked down platforms, such as today’s revelation by Wired that a quick key sequence can apparently bypass an iPhone’s four-digit security code.  iOS update no doubt soon to follow.

Addressing the zombie invasion. U.S. officials are evaluating an Australian plan that targets the botnet epidemic. In particular, the American government is eying provisions that allow an ISP to notify customers with infected computers — since botnets typically run in the background of a user’s own applications, often the consumer is unaware that her PC has been taken over — and perhaps even quarantine maliciously co-opted machines by limiting online access. As the FOI book echoed in 2008, such a program increases security without resorting to perfect enforcement and may also encourage ISPs to provide consumers with tools to disinfect their computers, either as part of the service plan or for an additional fee.

iOS developer guidelines relaxed enough for torrent apps? Last week Apple approved its first BitTorrent app. But it turns out that Apple didn’t intend to allow torrent apps. Instead, the developer avoided the term “torrent client” in the app description, temporarily evading rejection. When Apple became aware of the app’s capabilities, it removed the app from the App Store.

Android apps share information. A Duke-Penn State-Intel study using the new TaintDroid tool revealed that half of thirty randomly selected popular Android apps send personal information such as location or phone number to ad networks, sometimes with surprising frequency. When an Android owner downloads an app, he or she has to give permission for the app to collect personal information. But from that sole initial disclosure it’s usually not clear when information will be accessed and how it will be used. Privacy policies are often unintelligible. Hopefully utilities like TaintDroid will soon be available in downloadable form to allow Android (and iPhone) owners to monitor in real time what information their apps are accessing.

Italy demands that Apple remove an offensive app from the App Store. Child pornography? No. Graphic violence? Not so much. Italy is upset that a travel app characterizes the country as the home of the Mafia (also of pizza and scooters). Since Italy knows Apple can remove the app, it may feel entitled to demand that the company do so whenever Italians’ dignity is the least bit bruised. In a walled garden, the country of Da Vinci need not cultivate perspective.

RIM jumps on the anti-fart app bandwagon. RIM takes the position that apps that keep users coming back and convince them to purchase upgrades or additional content are more valuable to RIM and developers than fart apps. But should the value of an app be determined ex ante by device-makers or set by user behavior? Good search and rating systems seem like a better way to run an efficient app store — one that allows both apps that provide “ongoing entertainment value” and inexpensive, one-off apps that may serve important, if temporary, functions. (Ever unexpectedly have to entertain a child for an afternoon?) Still, nice of CompuServeRIM to tell us what we want. Because listening to users and developers isn’t a plan that’s going to work.

Can a wireless provider block texts it doesn’t like? New York federal court was presented with that question in a case where T-Mobile blocked all texts from a texting service because one of the service’s clients provided information via text on legal marijuana dispensaries in California. Under the recently proposed Google-Verizon net neutrality principles (analyzed here), a wireless company would have latitude to discriminate based on the sender, recipient, or content of the message as long as its practice is transparent. But it’s hard to see how the discrimination in this case is required because of the “unique technical and operational characteristics of wireless networks.” We’ll have to wait to see how courts address the issue as the parties have settled the case. Although the full terms of the agreement weren’t disclosed, it “requires T-Mobile to stop blocking the New York-based EZ Texting service’s thousands of clients, if they meet T-Mobile’s approval. The medical-marijuana info service, which used texts to tell its users where the nearest medical-marijuana store was, remains blocked.” (emphasis added).

The future of HR. Social Intelligence will help potential employers determine whether you are a good hire and monitor you (with real-time updates) when you’re on the payroll by trolling your public social network profiles. “[C]ompany spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You’ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That’s why you should scan every prospective hire and run continued scans on every existing employee.”

iPhone expression that’s more than skin deep. Children and adults with disabilities affecting speech are converting their iPhones to alternative communication devices. Smartphone apps that are mobile, easy to use, and even cool give a voice to autistic kids and stroke victims alike.

—Jennifer Halbleib

Unfailingly quotable Steve Jobs summed up Apple’s position on third-party development tools when the restrictions rolled back this month were originally instituted in April: “We’ve been there before, and intermediate layers between the platform and the developer ultimately produces sub-standard apps and hinders the progress of the platform.” At the time, many Internet news outlets considered the new rules a nativist response to the release of an Adobe cross-platform app development tool, which allows programmers to write apps once using Flash and then create variations for multiple mobile operating systems. Now Adobe’s tool and others like it are back in the game. The major remaining restriction, that an app can’t download any code, appears legitimately motivated at least in part by security concerns. But Adobe notes that Flash content in apps or the Safari web browser still is not allowed — developers can create apps with Flash but users can’t view Flash video.

Other restrictions imposed by Apple this year limited the analytic information an app could collect when the developer used an advertising network owned by a company that also made a device or an operating system. For example, AdMob is owned by Google, as is Android, so developers using AdMob couldn’t access the same information as, say, those using Apple’s iAd. Developers use ads to pay for free apps and need analytics to accurately target the ads to users. In an important corollary to loosening restraints on app developers, Apple now seems to permit unrestricted collection of analytic information by any mobile ad platform. If true, it will allow more mobile ad companies, and Google and AdMob in particular, to compete for app developers in the iPhone market.

Although the review guidelines are behind the iOS developer fee pay wall, they quickly leaked onto the Web. Apple must still approve every app, but now the company is providing some ex ante guidance for developers. However, the wording of the press release and guidelines is vague and broad, and terms are undefined. What’s “amateur”? To qualify as not amateur, does an app either need to look professional or be an idea so cool that Apple doesn’t care how polished the app is? The judges at Apple retain substantial discretion in interpreting the guidelines. But now at least their interpretation is confined within more precise parameters than Steve Job’s “porn, malicious, bandwidth hog, illegal, privacy, and unforeseen.” The judges are human, so they will make mistakes. But if they’re also good judges, their mistakes will be fewer in number, both because they have the guidelines in hand — which may have been true before the guidelines were public — and because developers will work to adhere to the guidelines and avoid the grief of getting rejected. Already, highly anticipated apps like those with Google Voice are being reinstated under the new regime.

Nevertheless, the powers-that-approve at Apple won’t be entirely “good” from the point of view of users, because these judges are never entirely accountable to consumers. In a perfectly free market they would be, but not in a world of two-year contracts, exclusive service providers, and trapped data. Apple must take into account corporate interests, regulatory concerns, input from their business partners, developer needs, and the like, as well. Not that perfect accountability is necessarily desirable; most U.S. judges are life-tenured, free from the control of the citizenry (mostly). This situation allows them to make decisions for the long-term benefit of society rather than being pressured to give into immediate demands that will cause bigger problems later. But federal judges are insulated from all constituencies, not beholden to several masters. iOS users and the developers that program for them know that Apple takes other considerations into account besides users’ first-order best interest. Perhaps Android will challenge Apple’s curation with a search-based approach that relies on users’ judgment of what apps they find valuable and what is the appropriate number of, say, fart apps.

That said, the shift in Apple’s policy is reason for optimism. While Apple can change its mind and rescind the changes, as JZ notes, once you crack open a platform, even just a little, it’s hard to go back. As soon as users and developers rely on the increased freedom, they will consider it unfair of Apple to backtrack. Perhaps Apple is slowly relinquishing control of the iOS platform.  First came the SDK, then more liberal development rules, what’s next?

—Jennifer Halbleib

I wrote the Future of the Internet — And How to Stop It, and its precursor law review article the Generative Internet, between 2004 and 2007. I wanted to capture a sense of just how bizarre the Internet — and the PC environment — were.  How much the values and assumptions of, metaphorically, dot-org and dot-edu, rather than just dot-com, were built into the protocols of the Internet and the architecture of the PC.  The amateur, hobbyist, backwater origins of the Internet and the PC were crucial to their success against more traditional counterparts, but also set the stage for a new host of problems as they became more popular.

The designers and makers of the Internet and PC platforms did not expect to come up with the applications for each — they figured unknown others would do that.  So, unlike CompuServe, AOL, or Prodigy, the Internet didn’t have a main menu.  And once for-profit ISPs started rolling the Internet out to anyone willing to subscribe, there came to be a critical mass of eyeballs ready to experience varieties of content and services — the providers of which didn’t have to negotiate a business deal with some Internet Overseer the way they did for CompuServe et al.  Some content and services could be paid for, at least as soon as credit cards could function cheaply online, and other could be free — either because of a separate business model like advertising, or because the provider didn’t feel inclined to monetize visiting eyeballs.  Tim Berners-Lee could invent the World Wide Web and have it run as just another application, seeking neither a patent on its workings nor an architecture for it that placed him in a position of control.  Today, of course, the Web is so ubiquitous that people often confuse it with the Internet itself.

When bad apples emerge on an unmediated platform — and they do as soon as there are enough people using it to make it worth it to subvert it — it can be difficult to deal with them.  If someone spams you on Facebook, the first step is to make it a customer service issue — complain to Facebook, and they can discipline the account.  If someone spams you on email, it’s much trickier, because there’s no Email Manager — just lots of email servers, some big, some little, and many of them with accounts hacked by others.  That’s one reason why a newer generation of Internet users prefers Facebook or Twitter messaging to old fashioned email.  Same for the PC itself: with no PC Manager, there’s no easy way to get help or exact justice when exposed to malware.  I worried that malware in particular, and cybersecurity in general, would be a fulcrum point in pushing “regular” people away from the happenstance of generative platforms designed by nerds who figured they could worry about security later.  Hence a migration to less generative platforms managed like services rather than products.

I understand and sympathize with that migration.  But it’s important to recognize its downsides — particularly if one is among the libertarian set, which has been comprised some of the most vocal critics of the Future of the Internet.  Whether software developer or user, volunteering control over one’s digital environment to a Manager means that the manager can change one’s experience at any time — or worse, be compelled to by outside pressures.  I write about this prospect at length here.  The famously ungovernable Internet suddenly becomes much more governable, an outcome most libertarian types would be concerned about.  Many Internet freedom proponents aren’t willing to argue for or trust those freedoms to a “mere” political process; they prefer to see them de facto guaranteed by a computing environment largely immune to regulation.

Lessig now seems to disagree with that; his view in Code 2.0 is that:

citizens of any democracy should have the freedom to choose what speech they consume.  But I would prefer they earn that freedom by demanding it through democratic means than that a technological trick give it to them for free.

It’s an interesting bookend to a small gem of an article he wrote in 1999, where he said:

The architecture of cyberspace embeds a set of values, as it embeds or constitutes the possible. But beyond the values built into this architecture, there are values that are implicated by the ownership of code. Its ownership can enable a kind of check on government’s power-a separation of powers that checks the extent that government can reach. Just as our Constitution embeds the values of the Bill of Rights while also embedding the protections of separation of powers,[] so too should we think about the values that cyberspace embeds, as well as its structure.

Randal Picker, in a terrific article revisiting the famed Sony case that upheld the right of manufacturers to make and sell VCRs, despite the fact that surely many people were using them to infringe copyright by recording shows for their personal libraries, outright welcomes new forms of regulation made possible by software becoming a service.  My brief response to (and disagreement with) his article is here, but both of us agree that new kinds of regulation lie in our future.

So, has the future happened?  Certainly young coders today are writing for the Facebook and iPhone apps platforms more than they are for Windows, OS X, or GNU/Linux.  Those platforms haven’t been “sterile” — e.g. resistant to all outside development, as the book’s introduction feared.  Rather, they’re what I called “contingently generative” and what Sarah Rotman Epps more pithily calls “curated computing.”  The idea is the same: to be generative enough to welcome outside coders — indeed, if wildly successful, to turn other platforms into ghost towns — but to be able to modify what they do at any time, before or after the fact.  Not only does that set the stage for monopolistic behavior — developers, many coding for fun, build empires that are then hard to move to a new platform when the rules change — but also for new regulation.  Android is an interesting development here — a sort of canary in the coal mine, as the Android platform contemplates more “off roading” by users, running unapproved apps, than the iPhone does.  It’s too early to say which model will prevail, especially as either one, being contingent, can evolve towards the other.  Steve Jobs could announce freedom to run outside code on iPhones tomorrow, and Google could revise Android so that only apps from the official Android store can persist.  Either vendor can kill an app, or the entire phone, at a distance, if it detects jailbreaking, or for any other reason.

In 2004, the Web was going strong, but much of our time was spent outside a browser: email was Outlook or Eudora, word processing was Word, spreadsheets were Excel, etc.  If you were given only a browser, there’s a lot of work you’d have a hard time doing.  Today that’s simply not true.  Google docs and spreadsheets are spreading, and Microsoft is hastening to catch up with Windows Live.  Yet some have trumpeted the end of the open Web, and cited the Future of the Internet to buttress their claims.  They have a point.  Just because something can be accessed by a Web browser doesn’t make it part of the Web.  (You can even just open a file on your hard drive using your browser, most easily if it ends in .html.)

If the services we migrate to online are still controlled and curated by only a handful of gatekeepers, we run all the risks, and stand to lose many of the benefits, of the generative Internet.  I’m not ready, as others may be, to say that essentially every new technology has its infancy and adolescence, where it’s chaotic and there are lots of players and lots of innovation, to be followed by boring adulthood as the losers lose and the few winners win and consolidate.  My hope was, and is, to be able to take on the “bad apples” problem in a way that doesn’t terribly compromise generativity — the way that Wikipedia, so far, has managed to stop spammers and vandals without wholesale abandoning the precept that anyone can edit a page, whether registered or not.  I wrote some thoughts on how to do that in the book, and have since followed up with a piece called “The Fourth Quadrant.”  It seems all the more pressing to me as concerns about cybersecurity, and now cyberwarfare, are very much on the mind of governments around the world.

I’m not exactly a pessimist.  I recognize, and celebrate, the fact that the digital environment of 2010 is the coolest, most interesting, most option-filled it’s ever been.  In that sense, mirroring the situation with Internet access despite censorship around the world, the slope of the generative curve is positive.  But, also mirroring the situation with censorship and filtering, I see the pieces further moving into place for a step change in how the Internet works.  In where new innovations come from.  And in how readily regulators can pull the plug on services and content they don’t like.  At its core, the Future of the Internet is an argument against complacency, and against the simplicity of thinking that if only market forces are allowed to work their magic, everything else we care about will more or less fall into place.

I look forward to the week’s discussions.  …JZ

Much of the online discussion has focused on the merits of the suit.  Oracle officially acquired Sun Microsystems early this year.  Sun originally developed Java and, over time, released most of the platform into the open source ecosystem.  Patents that were filed may have been a defense against litigation or even a joke.  And Google has licenses for those patents.  So the question here revolves around whether, by strict or loose interpretation, Google violated its licenses, but the vagueness and generality of Oracle’s complaint [pdf] (and press release) renders most of this analysis speculative pending additional clarification.  (More discussion on the open source backdrop is available here and here, and counterpoint here.)

However, the remedy Oracle wants couldn’t be more clear.  It asks for monetary damages to compensate it for its financial losses and punitive damages because it alleges Google “knowingly,” i.e. intentionally, violated its IP rights.  In addition, Oracle requests “[a]n order permanently enjoining Google, its officers, agents, servants, employees, attorneys and affiliated companies, its assigns and successors in interest, and those persons in active concert or participation with it, from continued acts of infringement of the patents and copyrights at issue in this litigation” and “[a]n order that all copies made or used in violation of Oracle America’s copyrights, and all means by which such copies may be reproduced, be impounded and destroyed or otherwise reasonably disposed of.”  The last one is the kicker: just like TiVo’s demand of EchoStar, Oracle wants the court to tell Google to reach into Android owners’ handsets and rip out the offending material, leaving innocent consumers with a gutted shell — and the remainder of their two-year service contract.

The destruction remedy applies only to the copyright claim.  If the case goes to trial a jury could conceivably find Google liable for patent infringement but not copyright violation.  And even if it did, the district judge has discretion over what relief to grant.  Plus, the appeals process could hack back overbearing damages.

But as long as it is on the table, the availability of such a remedy is a very big stick.  Even if Google believes it should win the suit, betting on that outcome doesn’t make sense if it means risking having to destroy consumers’ phones or fighting a long and uncertain legal battle after the destruction provision is awarded, instead of paying conventional monetary damages.

Google has seen how a similar fight has played out for EchoStar.  EchoStar attempted to comply with the court order by sending DVR boxes an update that replaced the infringing technology with noninfringing parts, leaving intact the DVRs’ functionality.  The Federal Circuit said “no dice,” the remedy was disablement of the DVRs, and that alone would suffice.  EchoStar continues to refuse to disable its customers’ DVRs and has been held in contempt and fined $200 million.

The Federal Circuit has agreed to rehear EchoStar’s case en banc.  And in the interim, the U.S. Patent and Trademark office has invalidated the very patents TiVo claimed EchoStar infringed. (TiVo is appealing the ruling; until its appeal is exhausted, the patents remain in force.)  And the FTC has stepped in to give the circuit court some guidance, filing an amicus brief urging it to consider how specific sanctions will impact innovation across the technology industry.

The availability of destruction as a remedy smothers innovation.  If Oracle can’t strong-arm Google into settling but wins at trial and is awarded the destruction provision (and it survives appeal and Google eventually capitulates instead of balking and riding a series of contempt proceedings into a draconian post-litigation settlement or bankruptcy), (1) consumers would have their phones replaced with bricks and think twice before buying new tech again; (2) Android developers would see their platform and all their apps evaporate; and (3) in the future, companies would likely waste time reinventing the wheel to avoid Google’s court-ordered fate rather than developing new technologies.  There is a storm brewing, brought on by the rise of tethered appliances and the thicket of software patent regulation.

—By Jennifer Halbleib

Disintegrating Droids. The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola points out that triggering eFuse doesn’t permanently disable the phone — it can re-boot once approved software is reinstalled. Much better.

Neighborhood watch for software vulnerabilities. At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of mutual aid to website owners as well.

Researcher remotely hacks ATMs. Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.

Apple rejects iPad magazine subscription app. Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn’t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.