The Internet’s Fort Knox Problem

June 3rd, 2010  |  by jz  |  Published in Future of the Internet  |  10 Comments

A few weeks ago Internet security firm McAfee released an update to its Windows PC customers designed to protect them against a newly detected virus threat.  Instead, for some, the update destroyed a legitimate, and crucial, system file.  Uncountable numbers of PCs – likely hundreds of thousands, even millions – were rendered unusable.  The University of Michigan medical school lost the use of 8,000 of 25,000 PCs.  State troopers in Kentucky abandoned their cruisers’ mobile PCs and resorted to writing reports by hand.  Some hospitals in Rhode Island turned away non-trauma patients from their ERs.

The issue is larger than one firm’s unfortunate misstep.  It echoes across the entire Internet.  Call it the Fort Knox problem.

Fort Knox represents the ideal of security through centralization: gunships, tanks, and 30,000 soldiers surround a vault containing over $700 billion in American government gold.  It’s not a crazy idea for a nation’s bullion; after all, the sole goal is to convincingly hoard it.  But Fort Knox is an awful model for Internet security.

Our IT environment has traditionally been immune from many Fort Knox issues, because its architecture has encouraged decentralization.  One PC might be compromised, or a Web site might fall, but others stand.  Bad guys on one side of the spectrum, and well-intentioned regulators on the other, each had to sweat to have an impact on Internet activities.

But the bad guys were clever and industrious.  Their digital robots came to costlessly crawl the Web looking for computers and sites to compromise, leveraging their reach.  Operators of well-financed Web sites have dealt with rising anxieties about security by spending enormous amounts of money on digital bunkers and backups for their data, while littler ones have hunkered down and simply hoped they wouldn’t be hit.

The public sector has been confused about how to help.  Governments know how to maintain and defend their roads and waterways, but have been stymied in cyberspace: so much of it is rightly privatized that there’s no obvious place to station a guard and no way to fill a digital pothole.  Worse, since identifying those behind intentional attacks online is exquisitely difficult, the traditional state tools of deterrence and punishment are ineffective.

That’s why we now see centralization under a few major corporate umbrellas under which disparate activities can be gathered.  The lures of security, interoperability and economies of scale have propelled much of the Web from a vibrant ecosystem of different, and differently managed, PCs and sites to one where a handful of private Fort Knoxes take responsibility for security.

But we can’t simply put our precious data into a single well-protected vault and peek in every few years.  We need to guard our PCs and data, but we also need them to be part of a worldwide network.  When we’re not masking our digital trail, we’re eagerly sharing it.  If we try to centralize its protection, it’s not a one-time transaction: rather, we need a constant gatekeeper who signs our data in and out every time we want to make use of it.  That’s a thread that runs from the McAfee debacle, where millions of people and firms turned the keys to their computers over to a third party to handle, through to cloud-based platforms like Facebook, where the company’s assent is increasingly needed to run unrelated applications on its platform or to log in to unaffiliated Web sites that no longer care to maintain their own digital borders.

If McAfee makes a mistake, many people pay at once.  If Facebook’s computers go down or are compromised, thousands of otherwise-independent applications and sites suddenly go down with it.  It’s not just our own data and transactions at risk, but our collective memory: the flip side of a centralized defense against bad guys is vulnerability to well-meaning good guys.  For example, if the generally laudable Google Books project is a spectacular success, we’ll see libraries give up their moldering, isolated archives of regular books in exchange for PC terminals where patrons can peer at an ephemeral digital copy drawn from Google’s central archive.  It makes sense – and no doubt Google has near-impregnable backups – but it’s also an opportunity for a government to intervene in worrisome ways.

For example, if one book in the system contains copyright-infringing, or defamatory, or obscene material, those aggrieved can get a court order requiring the infringing pages of the book to be deleted from the central server.  This vulnerability affects every book that is distributed and maintained through a centralized platform.  Anyone who does not own a physical copy of the book – and a means to search it to verify its integrity – will now lack access to that material.  By centralizing (and to be sure, making more efficient) the storage of content, we are building a world in which, as a practical matter, all copies of once-censored books like Candide, The Call of the Wild, and Ulysses could have been permanently destroyed at the time of the censoring, and could not be studied or enjoyed even after subsequent decision-makers lifted the ban.

So what do we do?  We have two things going for us that the real Fort Knox doesn’t: we can make copies of our digital gold, and there are lots of us, each with our own stake in security and autonomy.

First, so long as there aren’t undue barriers to extracting our own data from cloud platforms or our own PCs, backups can become more seamless, and be made in a variety of ways, making a McAfee misstep or anything like it less costly.  Then we have our cake and eat it too.  The same principle applies to projects like Google Books, where participating libraries can arrange to securely maintain their own gold copies of Google’s precious trove – kept to compare against others’ copies, so omissions and changes can be detected and appropriately challenged, not leaving Google with the sole burden of holding off government speech regulation.
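One way the comparison of independently held copies could work, as an added example that is not part of the original article: each holder publishes a per-page SHA-256 manifest, and pages that are missing or altered in any copy are reported. The holder names, page texts and function names are constructed for illustration.

```python
from __future__ import annotations

import hashlib
from collections import Counter


def page_digest(text: str) -> str:
    """SHA-256 of one page's text, encoded as UTF-8."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_manifest(pages: dict[int, str]) -> dict[int, str]:
    """Map page number -> digest for one holder's copy of a book."""
    return {number: page_digest(text) for number, text in pages.items()}


def manifest_root(manifest: dict[int, str]) -> str:
    """Single digest over the whole manifest, for a cheap equality check."""
    h = hashlib.sha256()
    for number in sorted(manifest):
        h.update(f"{number}:{manifest[number]}\n".encode("ascii"))
    return h.hexdigest()


def compare_copies(manifests: dict[str, dict[int, str]]) -> list[dict]:
    """Return one finding per page on which the holders disagree.

    No copy is treated as authoritative. A page is reported when a holder
    lacks it (an omission) or when digests differ (a change). If no single
    digest has more holders than every other, the page is 'contested' and
    every holder of it is listed, because the comparison alone cannot say
    which text is the original.
    """
    findings = []
    all_pages = sorted(set().union(*(m.keys() for m in manifests.values())))
    for number in all_pages:
        held = {h: m[number] for h, m in manifests.items() if number in m}
        missing = sorted(h for h in manifests if h not in held)
        counts = Counter(held.values())
        if len(counts) == 1 and not missing:
            continue  # every holder has the same page
        ranked = counts.most_common()
        top_digest, top_count = ranked[0]
        contested = len(ranked) > 1 and ranked[1][1] == top_count
        if contested:
            differing = sorted(held)
        else:
            differing = sorted(h for h, d in held.items() if d != top_digest)
        findings.append({
            "page": number,
            "missing_from": missing,
            "differs_in": differing,
            "contested": contested,
        })
    return findings


# Constructed sample: four holders of the same four-page book.
_ORIGINAL = {
    1: "Chapter one, page one.",
    2: "Chapter one, page two.",
    3: "Chapter two, page three.",
    4: "Chapter two, page four.",
}
_CENTRAL = {n: t for n, t in _ORIGINAL.items() if n != 3}  # page 3 deleted
_LIBRARY_C = dict(_ORIGINAL)
_LIBRARY_C[2] = "Chapter one, page two (edited)."          # page 2 changed

SAMPLE_MANIFESTS = {
    "central_archive": build_manifest(_CENTRAL),
    "library_a": build_manifest(_ORIGINAL),
    "library_b": build_manifest(_ORIGINAL),
    "library_c": build_manifest(_LIBRARY_C),
}

if __name__ == "__main__":
    for name, manifest in SAMPLE_MANIFESTS.items():
        print(name, manifest_root(manifest)[:16])
    for finding in compare_copies(SAMPLE_MANIFESTS):
        print(finding)
```

The manifests are only as trustworthy as the channel they are exchanged over; in practice each holder would sign its manifest so a substituted manifest is detectable.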

Second, we need to reinvigorate the Internet’s principle of open, distributed architecture that has sparked so much growth and innovation.  Our choices for security aren’t simply among government soldiers, corporate mercenaries, or our own personal barricades – though each has a valuable role to play.  Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity.  With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.  Security shouldn’t have to be purchased like a personal bodyguard.  Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.

A version of this appeared in the Financial Times on June 3rd, 2010.

Responses

  1. Ben Mathes says:

    June 3rd, 2010 at 4:07 pm (#)

    In the last paragraph, Professor Zittrain, you mention reinvigorating the Internet’s principle of open, distributed architecture. However, there are no provided examples. I believe I discovered the Web of Trust addon for Firefox (and now Chrome) through one of the posts here, and it would serve as a decent enough example of how to use open, distributed processes _for_ security.

    -Ben

  2. Andrew Martin says:

    June 3rd, 2010 at 4:44 pm (#)

    Hi Jonathan. It’s easy to agree that anti-virus is a broken model, for all kinds of reasons. And we certainly need to think creatively about what the right model may be. I rather suspect that it will involve ‘whitelisting’ rather than blacklisting. Most of the current whitelists arise as vendor control in app stores and similar places – but there’s no reason why we shouldn’t have a much more generative approach to this.

    “Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.”

    My fear is that such a solution would create more problems than it solves. Adding complexity to a security problem usually gives the attacker additional points to hit: it very seldom (in the long run) gives a net improvement. Or am I missing something?

  3. Chris says:

    June 3rd, 2010 at 5:04 pm (#)

    Ahn-tie-virus?

    I use Linux and Mac OS X, I don’t know what you are talking about :)
    But seriously, why do my tax dollars go towards Windows and McAfee licenses when there are perfectly acceptable free alternatives? I’d rather they put that money to good use in something important like hospital *equipment* for example.

    That is the problem with the cloud, what you get back from the cloud is not necessarily what you put in to the cloud, you are at the mercy of the hosting company. The best way around it must be distributed cloud services such as torrents, I can get the .torrent file from any number of sites so censorship is practically non-existent (Just find the torrent somewhere else) and multiple trackers and seeds makes the system pretty robust.

  4. Nancy Sims says:

    June 3rd, 2010 at 6:42 pm (#)

    Just to be clear, since the article doesn’t mention it, the academic libraries participating in the Google Book project _are_ maintaining independent backups. Among other projects, the Hathi Trust stands out as a large, well-supported (technically and infrastructurally) independent digital library. It contains mostly things scanned for Google, but also independently-scanned stuff. http://www.hathitrust.org
    And some of the participating libraries are also independently keeping copies.
    (I’m a librarian at one of the Hathi Trust partners, but not speaking on behalf of anyone but myself.)

  6. Jonathan Zittrain says:

    June 3rd, 2010 at 8:27 pm (#)

    Simple is good — and I’m not sure a distributed solution need be more complex than something centralized.

  7. Conor says:

    June 4th, 2010 at 4:45 pm (#)

    It seems to me that centralization and decentralization are two poles, and most of the examples listed are somewhere in between them. Take the Fort Knox example: the government doesn’t hold the only stock of gold, and we therefore don’t lose all of our nation’s wealth if its security is compromised.

    I’m not perfectly well versed in security technology, but I imagine the same is true with respect to McAfee. It’s true that as more of our lives are tethered to data and internet connected devices, we’re going to take a few risk-neutral, or even risk-seeking, security shortcuts for the sake of sanity. We’re going to concentrate our security expertise so the benefits of a few brilliant techies can be spread across a wider array of clients for cheaper. That means well-meaning good guys have our lives in their hands. The same might be said to represent the pitfalls of our current financial problems. Everyone placed their retirement funds in the hands of a few seemingly trustworthy mortgage brokers who were connected to financial technologists who were actually way over their heads.

    I think we also need to be careful about giving up the cost-saving measures of centralization. From your perspective, it seems we need to stand athwart history screaming “non-proprietary protocols and standards!” =) I remember the poignant imagery on the cover of The Future of the Internet: railroad tracks going off a cliff. There is a reason, though, that this shift is happening. Small and medium sized businesses are outsourcing their IT in order to achieve better cost controls for consumers and shareholders. Profit margins are a powerful force to be curbing, of course. So perhaps capitalist interests can protect themselves. Still, it’s worth keeping in mind that Joe and Jane Taxpayer might actually be on the other side of this debate when times are tough, (perhaps even if their government’s computers go down and they need to cart their loved ones to the hospital down the street in an emergency).

    As always, this was a great, thought-provoking post. Looking forward to the next one!

  8. Seth Finkelstein says:

    June 4th, 2010 at 6:37 pm (#)

    Me too, regarding having problems with:

    “Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence. Security shouldn’t have to be purchased like a personal bodyguard. Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.”

    This isn’t an unexamined problem! In fact, as you know, a big problem is that most people *don’t* even know how to look out for themselves, much less each other.

  10. Natanael L says:

    June 6th, 2010 at 9:12 am (#)

    Here’s another comment about this paragraph:

    “Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence. Security shouldn’t have to be purchased like a personal bodyguard. Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.”

    The first thing there looks like reputation based antimalware software. If one person reports “malfunction” or there are reasons to believe something is wrong, anything that’s not normal is checked. Everything is reported too. The more negative reports about a certain file, the more likely it is that it’s bad.
    It can be used in many other ways too. That WOT thing mentioned above is similar.

    The second thing you mentioned reminds me of Freenet, a distributed and anonymous data store system. There are also lots of other ways to decentralize data storage (and downloading of it).

    Now when there’s talk about implementing “resource packages” (http://limi.net/articles/resource-packages-spec-ready-for-prototyping), we could go so far as using torrents (with DHT) and all to distribute all images, videos and other embedded data.
    The issue here is then this: How do we decentralize the downloading of the index.html file? We can’t really do that in a sane way with dynamic sites.
    We need some kind of browser plugin that creates a BitTorrent-like network parallel with the normal http-based internet connections to servers. It would simply share the cache with others for various sites, and when those sites are down, a custom static version of the index.html file (predefined by the server) would be shared too.

    I think that can work.

Blog

  • FTC goes after astroturfing
  • Last week the U.S. Federal Trade Commission announced a settlement with Reverb Communications, a firm that describes its business as a:

    … full service videogame agency that provides public relations, marketing, and sales services through one integrated campaign to the interactive entertainment and music industry.  Using precise messaging and calculated marketing campaigns, we are able to drive consumer and industry demand for our clients’ products, resulting in increased product sales.

    According to the FTC’s complaint, some of the “precise messaging” involved the firm putting in fake positive user reviews of various video games on the iTunes store.

    I haven’t been able to track down Reverb’s answer to the charges except a statement repeated here, a blog entry that reports some additional details of how the FTC got onto Reverb’s trail.  Reverb is said to have said:

    During discussions with the FTC, it became apparent that we would never agree on the facts of the situation. Rather than continuing to spend time and money arguing, and laying off employees to fight what we believed was a frivolous matter, we settled this case and ended the discussion because as the FTC states: “The consent agreement is for settlement purposes only and does not constitute admission by the respondents of a law violation.”

    That sounds like a non-denial denial, and the FTC appears to be doing good work here.  In the fall of ’09 it announced that paid commercial endorsements had to be disclosed — even on Twitter, Facebook, and in blogs.  There was some handwringing over this — would the government be going after any blogger who says something good about something and might have a financial interest in it?  It is not particularly easy to predict, especially since the FTC, unlike other Federal agencies, does not do formal rulemakings — it can only announce guidelines and then bring one enforcement action at a time under its general charter to combat unfair or deceptive trade practices.

    The Reverb case provides a good example of how the FTC is thinking about applying its limited staff power: to professional organizations working to subvert ratings schemes.  That’s a good place to start; if nascent ratings schemes are to work, it’s helpful to know what the boundaries are — especially to PR and marketing firms that don’t want to have to race to the bottom.  Now they can tell their clients that they’re just not able to help out with fake reviews.  (In the meantime, the Reverb main home page is showing a generic parked message — odd.)

    I remain curious how effective sites like subvertandprofit.com are.  S&P says it:

    … runs social media campaigns across a variety of social media sites, via our 25,000 users who earn money by viewing, voting, fanning, rating, or posting assigned tasks. Since 2007, our user actions have effectively promoted our advertisers’ web content to popularity at significant cost savings. In 2010, Subvert and Profit merged with Crowdsource Corp. to extend the power of crowdsourcing to a variety of social and business applications.

    More directly, S&P tells advertisers that they can:

    Buy votes on social media sites.

    1. Sign up.
    2. Add funds to your account.
    3. Buy votes.
    4. Get visitors to your site for cheap.
    5. Repeat.

    And in turn, social media users can “get paid just for clicking buttons.”

    Perhaps they or other intermediaries that help to launder ratings could find themselves answering some questions from the FTC.  I see the domain for subvertandprofit is registered in Massachusetts, so I’ve sent an email to its owner — I’ll update this post if I hear anything.

  • Fried Androids?
  • In March, a panel of the Federal Circuit affirmed a Texas district court ruling requiring EchoStar to remotely disable the DVRs of innocent customers as part of its damages for infringing on TiVo’s DVR patents.  At the time, Elisabeth and JZ predicted that we would see an increasing number of similar cases as companies — and governments — figured out how to take advantage of additional control points that exist in tethered appliances.  Their Delphian suggestion came to pass in the mobile arena recently when Oracle filed suit against Google for patent and copyright infringement.  The lawsuit claims that Google’s Android OS (along with its software development kit and custom virtual machine) infringes Oracle’s IP rights in the Java programming language.

    Much of the online discussion has focused on the merits of the suit.  Oracle officially acquired Sun Microsystems early this year.  Sun originally developed Java and, over time, released most of the platform into the open source ecosystem.  Patents that were filed may have been a defense against litigation or even a joke.  And Google has licenses for those patents.  So the question here revolves around whether, by strict or loose interpretation, Google violated its licenses, but the vagueness and generality of Oracle’s complaint [pdf] (and press release) renders most of this analysis speculative pending additional clarification.  (More discussion on the open source backdrop is available here and here, and counterpoint here.)

    However, the remedy Oracle wants couldn’t be more clear.  It asks for monetary damages to compensate it for its financial losses and punitive damages because it alleges Google “knowingly,” i.e. intentionally, violated its IP rights.  In addition, Oracle requests “[a]n order permanently enjoining Google, its officers, agents, servants, employees, attorneys and affiliated companies, its assigns and successors in interest, and those persons in active concert or participation with it, from continued acts of infringement of the patents and copyrights at issue in this litigation” and “[a]n order that all copies made or used in violation of Oracle America’s copyrights, and all means by which such copies may be reproduced, be impounded and destroyed or otherwise reasonably disposed of.”  The last one is the kicker: just like TiVo’s demand of EchoStar, Oracle wants the court to tell Google to reach into Android owners’ handsets and rip out the offending material, leaving innocent consumers with a gutted shell — and the remainder of their two-year service contract.

    The destruction remedy applies only to the copyright claim.  If the case goes to trial a jury could conceivably find Google liable for patent infringement but not copyright violation.  And even if it did, the district judge has discretion over what relief to grant.  Plus, the appeals process could hack back overbearing damages.

    But as long as it is on the table, the availability of such a remedy is a very big stick.  Even if Google believes it should win the suit, betting on that outcome doesn’t make sense if it means risking having to destroy consumers’ phones or fighting a long and uncertain legal battle after the destruction provision is awarded, instead of paying conventional monetary damages.

    Google has seen how a similar fight has played out for EchoStar.  EchoStar attempted to comply with the court order by sending DVR boxes an update that replaced the infringing technology with noninfringing parts, leaving intact the DVRs’ functionality.  The Federal Circuit said “no dice,” the remedy was disablement of the DVRs, and that alone would suffice.  EchoStar continues to refuse to disable its customers’ DVRs and has been held in contempt and fined $200 million.

    The Federal Circuit has agreed to rehear EchoStar’s case en banc.  And in the interim, the U.S. Patent and Trademark office has invalidated the very patents TiVo claimed EchoStar infringed. (TiVo is appealing the ruling; until its appeal is exhausted, the patents remain in force.)  And the FTC has stepped in to give the circuit court some guidance, filing an amicus brief urging it to consider how specific sanctions will impact innovation across the technology industry.

    The availability of destruction as a remedy smothers innovation.  If Oracle can’t strong-arm Google into settling but wins at trial and is awarded the destruction provision (and it survives appeal and Google eventually capitulates instead of balking and riding a series of contempt proceedings into a draconian post-litigation settlement or bankruptcy), (1) consumers would have their phones replaced with bricks and think twice before buying new tech again; (2) Android developers would see their platform and all their apps evaporate; and (3) in the future, companies would likely waste time reinventing the wheel to avoid Google’s court-ordered fate rather than developing new technologies.  There is a storm brewing, brought on by the rise of tethered appliances and the thicket of software patent regulation.

    —By Jennifer Halbleib

  • The Google/Verizon framework
  • I’ve been trying to figure out what the Google/Verizon announcement means.  It’s not easy to do, in large part because the announcement doesn’t precisely announce anything.  It’s titled a “legislative framework proposal.”  That is, on its own terms it’s not an agreement between two companies — neither is bound to do anything by it, which I guess is how they could deny last week’s New York Times report about a “deal on web pay tiers” — but it does represent a meeting of the minds between them about what ought to happen in the world, in particular what American (and presumably others’) law should become here.

    That kind of mental-but-not-legal agreement can get away with being far more vague than a typical contract.  It’s amenable to what Cass Sunstein calls “incompletely theorized agreements.”  Cass’s work points out that parties who disagree on basic things — such as a would-be polity that wants to produce a constitution for the first time — risk coming away empty handed if they insist on their own views.  But they don’t want to compromise, either.  So what they do is strategically punt: they come up with texts that are intentionally vague, leaving it for another day to figure out what they mean in practice, so they can move on with a joint endeavor of some kind.  There are lots of vague statements of that sort in the proposal, some of which are drawn from another likely-intentionally vague set of FCC principles about the Net.  So, for example, under the proposal, carriers can’t engage in undue discrimination.  They can do reasonable network management.  There’s to be transparency, but not neutrality, for wireless at this time. These definitions would have to be much more fleshed out to understand what the agreement means, and lawyers use terms like these so that the parties’ different ideas of “undue,” “reasonable,” and “now” can be parked in peace under the same roof.

    Here’s my own take so far — I figured it might be useful to share my own process in working this through rather than writing (yet) a firm advocacy piece for one view over another.

  • FOI Topics and Links of the Week
  • Game on. A featureless update released recently by TI blocks a hack that allowed owners to write their own programs for the company’s Nspire calculator. It’s not immediately obvious what rationale TI used to justify the block. It isn’t under pressure to protect the commercial interests of a partner service provider. And worst case, a buggy calculator isn’t exactly as calamitous as a compromised cell phone. In any event, the competition illustrates what may become an increasingly common arms race between hardware companies trying to lock down their products and consumers who want to load the software of their choice on a device they own.

    Disintegrating Droids. The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola points out that triggering eFuse doesn’t permanently disable the phone — it can re-boot once approved software is reinstalled. Much better.

    Neighborhood watch for software vulnerabilities. At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of mutual aid to website owners as well.

    Researcher remotely hacks ATMs. Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.

    Apple rejects iPad magazine subscription app. Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn’t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.

    FBI challenges Wikipedia over logo. This week, the FBI accused Wikipedia of illegally displaying the agency’s official seal. Wikipedia has refused to remove the image from its FBI page. Wikipedians have a history of standing firm on controversial articles. It’s unclear whether a specific incident triggered agency action. The BBC notes that since the seal is published elsewhere on the Web, the FBI’s selective targeting of Wikipedia is also mysterious. And many reports on the story now include . . . images of the seal.

    Zombie cookie revenge. A lawsuit filed in federal court alleges that several prominent websites used Flash or “zombie” cookies to surreptitiously collect personal user information. Flash cookies can re-create browser cookies deleted by users. They function as extra storage for websites and maintain user preferences, but can also be exploited to track users online.

    —By Jennifer Halbleib

  • What matters in net neutrality
  • It’s hard to know what to make of the Google/Verizon deal since until earlier today both companies have denied that there is one. And it’s hard to argue about net neutrality because it means so many different things to different people. I’ve got lots of reading to do to catch up on the newly released set of principles from the companies, but in the meantime here are a few thoughts on the topic.

    The core question is this: when Internet Service Providers turn out to have captive audiences of subscribers — either because their customers have few if any alternatives for broadband, or because switching is complicated and cumbersome, or because ISP practices are obscure and thus hard for customers to adapt to — how far should they be allowed to leverage that captivity?

    That question arises in the midst of a very confused economy for the movement of bits over the Internet.  With telephones the baseline rule was simple: sender pays.  On the Internet, it’s more complicated: both sender and receiver pay their respective Internet Service Providers to move their data traffic.  Now, suppose these are large ISPs who are considering connecting to each other directly.  The ISP who hosts a sender of traffic like YouTube might say to the ISP with lots of individual users who watch YouTube videos: “We seem to have a lot of stuff that your users want, and they’re paying you to get it to them.  What will you pay us to pass this stuff efficiently over to you?”  The ISP with the individual users might reply with a different point of view: “You’ve got a lot of stuff you want to send to our users, and your corporate customer is making money through advertising or subscription fees when our users access it. What will you and your corporate subscriber pay us to be able to reach our captive audience?”  It’s an odd puzzle: both sides benefit from the transaction, so who should pay for it, given that there’s no baseline rule like “sender pays”?

    In the past this dilemma between large ISPs has been resolved through peering arrangements that have amounted to simple handshakes: I’ll carry your traffic aimed at my subscribers if you carry mine aimed for yours, and we’ll call it even.  Today those deals are more complicated, and their details are typically trade secrets.  But we know this much: Verizon, like other broadband providers, already says to its customers: pay us more and we’ll give you faster Internet access.  That’s not controversial.  So should Verizon also be able to make a similar offer in the other direction, to faraway upstream content providers?  Verizon could say to Google: regardless of what you pay your own ISP to get your bits launched on the Internet, pay us more and we’ll make sure your YouTube videos get to our subscribers all the more quickly as they come in for a landing.

    Google might well be able to pay — and then leave poorer content providers behind.  The next two guys who want to start, say, ShmouTube won’t be able to do it if they’ve got to negotiate business development deals with one ISP after another in order to reach those ISPs’ subscribers.  And that’s the real danger: when each ISP can, in effect, speak on behalf of its unwitting subscribers, serving as the troll under the bridge offering up different conditions for access to them, the economics of the Net will start to favor the consolidated, the well-connected, the well-heeled.  Verizon and Google each have reason to take the trouble to negotiate with one another to begin with — they’re both big, and each can offer uniquely desirable benefits to the other.  The generative power of the Internet is that it has offered a perch for anyone who wants to plant a flag in the ground.  Set up www.mynewamazingwebsite.com, and people the world over can beat a path to it or not as they please.  That represented a huge change from the proprietary consumer networks of the 1980s and 90s, where AOL or CompuServe got to say who could have a presence within their gated communities.

    It may turn out to be too simple to have a blanket rule against ISPs charging faraway providers for access.  There are even some outcomes that make that desirable for consumers — imagine if Internet access were free, with ISPs beating down your door to provide you with broadband, because if you choose them then they’ll get paid by Google et al. for the privilege of sending bits (and ads) to you.  That’s a dubious outcome for a number of reasons, but it’s theoretically possible.  But much more dangerous is if ISPs get to pick and choose: one deal for Google, another for the New York Times, a third for eBay, and no deal at all for mynewamazingwebsite.  In a medium in which so many of the giants were yesterday’s scrappy upstarts — eBay, Google, even the Web itself — it would be a travesty to freeze out the next round of innovation from odd corners by deploying an impenetrable web of contracts and fees.  That’s what I take to be at the core of Chairman Genachowski’s comment that “Any outcome, any deal that doesn’t preserve the freedom and openness of the Internet for consumers and entrepreneurs will be unacceptable.”

    Update: More thoughts here.

About Jonathan Zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School

Creative Commons BY-NC-SA Jonathan Zittrain unless otherwise noted.