That kind of mental-but-not-legal agreement can get away with being far more vague than a typical contract.  It’s amenable to what Cass Sunstein calls “incompletely theorized agreements.”  Cass’s work points out that parties who disagree on basic things — such as a would-be polity that wants to produce a constitution for the first time — risk coming away empty handed if they insist on their own views.  But they don’t want to compromise, either.  So what they do is strategically punt: they come up with texts that are intentionally vague, leaving it for another day to figure out what they mean in practice, so they can move on with a joint endeavor of some kind.  There are lots of vague statements of that sort in the proposal, some of which are drawn from another likely-intentionally vague set of FCC principles about the Net.  So, for example, under the proposal, carriers can’t engage in undue discrimination.  They can do reasonable network management.  There’s to be transparency, but not neutrality, for wireless at this time. These definitions would have to be much more fleshed out to understand what the agreement means, and lawyers use terms like these so that the parties’ different ideas of “undue,” “reasonable,” and “now” can be parked in peace under the same roof.

Here’s my own take so far — I figured it might be useful to share my own process in working this through rather than writing (yet) a firm advocacy piece for one view over another.

First, some of the differences in reaction to the proposal can be explained by what critics see as the alternatives.  For some, the important thing to weigh is the straight policy merit of the proposal as they see it, without regard to what is possible given the array of interests pushing for different outcomes.  Those idealists will find much to disagree with, since the proposal is so qualified, apparently representing horse-trading as much as some consistent set of principles at work.  For others, the proposal is weighed in the context of the status quo and where it’s likely to go.  That includes Google, which said in a blog entry today:

The FCC protections referenced by Google (and incorporated in part in the proposed framework) are the principles first articulated in 2005 as a Commission policy statement — oddly not easy to find online in a clean form, but quoted in lots of places (Formal reference: “In re Appropriate Framework for Broadband Access to the Internet Over Wireline Facilities,” 20 F.C.C.R. 14,986 (2005).)

Those principles were applied in an action by the FCC against Comcast, which had been quietly restricting peer-to-peer traffic to and from its subscribers.  Comcast was told it couldn’t do that in the awkwardly titled “In re Formal Complaint of Free Press and Public Knowledge Against Comcast Corp. for Secretly Degrading Peer-to-Peer Applications,” 23 F.C.C.R. 13,028 (2008) — you can read former Chairman Kevin Martin’s statement on the matter here.  By the time of the FCC’s resolution, Comcast had basically already stopped discriminating, which made the order merely demand transparency about its practices, with a threat of further consequences should Comcast start discriminating again.  Comcast appealed the FCC order to the federal courts.  In the meantime, the original FCC principles were reiterated and elaborated in a proposed formal rulemaking (an “NPRM”) that got going in the fall of 2009.  While that rulemaking was ongoing, the Comcast appeal of the 2008 order was heard and decided by the D.C. Circuit.

Comcast had three complaints: first, the FCC had acted beyond the authority Congress gave it in telling Comcast what to do (or disclose) about its network management practices; second, the FCC should have come up with its rules in a rulemaking rather than a simple order to Comcast after receiving a complaint; third, that the FCC’s order was so poorly reasoned as to deserve reversal by the appellate court.  In April 2010, the D.C. Circuit held that the FCC indeed had acted beyond its authority, and so didn’t move on to the second and third objections by Comcast.  That finding put the very rulemaking that Comcast had demanded, and that was by then in progress, in jeopardy — leading to the “no enforceable protections” status quo that Google says was an important reason for it to work with Verizon to get some commitment on net neutrality.

So, what does that commitment look like?  The proposal is aimed for Congress to adopt in part to clarify the FCC’s ability to regulate here, and it can be divided into two types of suggestions: one about the ground rules (limited by the vague language sampled above) to be observed by ISPs, and one that’s meta, i.e. about who should make and enforce whatever rules there are to be.

First, the ground rules.  The opening ones affirm concepts of net neutrality, with plenty of exceptions.  Under “Consumer Protections,” the document repeats the essence of some of the FCC’s original principles: an ISP (well, “broadband Internet access service provider”) cannot prevent its users from “sending and receiving lawful content,” “running lawful applications and … services,” and “connecting their choice of legal devices.”  That’s consumer-friendly, although some critics don’t like terms like “lawful” — is an ISP to say what’s legal and what’s not?

Next is a non-discrimination requirement:

In providing broadband Internet access service, a provider would be prohibited from engaging in undue discrimination against any lawful Internet content, application, or service in a manner that causes meaningful harm to competition or to users. Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard, but the presumption could be rebutted.

So, a commitment to net neutrality, at least against violations that cause “meaningful harm” to competition or to users.  (Would anyone care if a violation caused no harm, or meaningless harm?)  The kind of pay for priority arrangements that I discussed in an earlier blog/NYT short piece are generally not allowed — unless they are when the presumption against them is rebutted, using criteria or ideals not specified in the framework.  Discrimination for traffic management is to be OK — as it would be under the FCC’s proposed (but now frozen) rules.

Putting aside for the moment who gets to decide what counts as a fair reason to prioritize Internet traffic, or what amounts to “meaningful harm” — these are meta issues of enforcement — the other notable substantive provisions are for transparency, wireless and the intriguingly-labeled “additional online services.”

On transparency, providers would have to disclose their network management practices and “capabilities” — presumably better data about expected connection rates other than something like “UP TO FIFTY Mb/S!”  That’s a good feature.

The wireless section says:

Because of the unique technical and operational characteristics of wireless networks, and the competitive and still-developing nature of wireless broadband services, only the transparency principle would apply to wireless broadband at this time.

For many net neutrality advocates this is the most worrisome part of the framework.  The FCC’s original principles did not distinguish between wireless and wired networks, and its proposed rulemaking — again, stalled thanks to the Comcast decision — unlike the Google/Verizon framework, cut little slack to wireless providers on this score.  On the fact that the framework is less restrictive to wireless providers, Google says, in essence, “Don’t blame us; we’re not thrilled with it either, but sometimes you have to compromise.”  The way to give the least weight to this provision is to say: it’s only “at this time.”  There might be some change later if systemic problems arose on wireless.  And in the meantime the U.S. Congress’s GAO would keep an eye on things:

The U.S. Government Accountability Office would report to Congress annually on the continued development and robustness of wireless broadband Internet access services.

Of course, reports happen all the time — seeing a report’s warnings or recommendations find their way into federal law through further Congressional action is a steep hill to climb.  Some critics have said: who cares about network neutrality for regular broadband; wireless is the important part.

I’m not so sure.  If the framework had said the opposite — Verizon is OK with network neutrality for wireless but not for regular broadband — I can imagine many critics being just as upset, saying that wireless is still ancillary and that full broadband, with consumers’ wi-fi attached, is what really matters.  I guess they’d say that both matter.  I’m skeptical myself of rules that carve a difference between them — one point of the Internet is to be medium-agnostic — but I’m less inclined to find an evil plan lurking in the differentiation.  I can see that bandwidth management, at least, can be more crucial for wireless than wired at this stage in its development, and a Verizon might not feel comfortable having to justify any policies in those terms as an exception to a network neutrality rule.  I’m less confident that there’s robust competition in the wireless Internet space — there are still only a handful or providers, and switching among them is costly.

Finally, additional online services:

A provider that offers a broadband Internet access service complying with the above principles could offer any other additional or differentiated services. Such other services would have to be distinguishable in scope and purpose from broadband Internet access service, but could make use of or access Internet content, applications or services and could include traffic prioritization. The FCC would publish an annual report on the effect of these additional services, and immediately report if it finds at any time that these services threaten the meaningful availability of broadband Internet access services or have been devised or promoted in a manner designed to evade these consumer protections.

What’s an “additional or differentiated” service?  One way to understand is to realize that many common Internet broadband connections already piggyback on other, legacy connections.  The coaxial cable that comes into a house bearing decades’ worth of cable TV was partially repurposed by Comcast to offer Internet, too.

So one pipe offers two very different things, and the rules telling Comcast what it can and must allow over the cable TV part of the pipe are very different from the rules, if any, that might apply to the Internet part.  As I wrote in FOI:

Those with cable or satellite television have their TV experiences mediated through a set-top box provided or specified by the cable or satellite company. The box referees what standard and premium channels have been paid for, what pay-per-view content should be shown, and what other features are offered through the service.  The cable television experience is a walled garden. Should a cable or satellite company choose to offer a new feature in the lineup called the “Internet channel,” it could decide which Web sites to allow and which to prohibit. It could offer a channel that remains permanently tuned to one Web site, or a channel that could be steered among a preselected set of sites, or a channel that can be tuned to any Internet destination the subscriber enters so long as it is not on a blacklist maintained by the cable or satellite provider. Indeed, some video game consoles are configured for broader Internet access in this manner. Puzzlingly, parties to the network neutrality debate have yet to weigh in on this phenomenon.

So: when cable TV companies started adding Internet access to their offerings, the “product” was separate enough that the companies’ practices on one didn’t, and weren’t expected to, translate to the other.  From what I can tell, “additional or differentiated services” are the prospect that a company offering Internet access might try to bust into something like … cable TV.  Net neutrality, and the Google/Verizon framework’s own principles, wouldn’t allow an ISP to block Vimeo while allowing YouTube.  But if that ISP wanted to (re)invent a product called “Cable TV,” and use broadband to deliver the bits, it could block AMC while allowing HBO.  Other such products might be “telephone,” “radio,” and “movies on demand.”  Each of these has Internet instantiations now — think Skype, Pandora, and Netflix online — but a Verizon or Comcast might someday want to offer a standalone product, exclusively, with any competitors available only through the Internet half of the ISP’s connection.  Another analogy that might help: iPhone applications vs. its Safari browser.  Steve Jobs gets to say what apps are permitted to appear on the iPhone, and can cut nearly any deal he wants to, say, ban or allow Skype or an email app (say, from Google) that could compete with the iPhone’s own Apple Mail app.  But any of these rejected apps, if they can figure out how to establish themselves simply on the Web, could still be accessed by iPhone users who run the Safari Web browser and then visit the site for the app.

On the iPhone this might feel a bit like being relegated to Siberia for an app developer: it’s hard to have people type in a URL every time they want to run the app, compared to just clicking on a single icon.  But presumably this wouldn’t be as much of a burden in the “additional services” world that Google and Verizon are referring to.  There, the Internet is the main attraction, or at least one distinct from any standalone applications that an ISP tries to deploy over the very same bandwidth.  Cable TV in my living room is just apples to the orange of Internet access on a PC or tablet elsewhere in the house.  Still, some critics fear futures where the tail could wag the dog — futures very much like the present situation on an iPhone.

OK, on to the procedural stuff.  When the FCC cried foul on Comcast’s throttling of peer-to-peer activity, one of Comcast’s objections was that it was acting case-by-case, rather than setting up a formal rule through lengthy rulemaking procedures that involve public participation.  The Google/Verizon proposal calls for eliminating rulemaking full stop, keeping the FCC to case-by-case adjudications of rules laid down by Congress — presumably rules based on the substantive principles reviewed above.  Some critics cheer that proposal, eager to see the FCC’s intervention in Internet affairs limited to, say, network neutrality regulation, rather than, say, content control.  EFF calls it a “promising new approach.”

I’m not so sure.  As almost anyone to this debate would agree, network neutrality is complicated, and the gap between what Congress lays out and what ISPs and others are actually bound to do and not do can be large.  The framework seems to suggest filling that gap with private rules:

Google has taken a different tack with Android: they’ve largely surrendered the power to pre-approve apps, because Android users can always download apps from third-party sources. But they too have a kill switch, and according to the Android developers’ blog post, they decided to use it a few weeks ago. (It’s not totally clear from the blog post, but it sounds like they’ve also used it before on clearly malicious apps.) An app that claimed to offer Twilight photos turned out to be a demonstration, done by researchers, of how easy it would be to create an app that would turn phones into a botnet. The app didn’t actually create the botnet (and it didn’t show Twilight photos, either, so most disappointed downloaders deleted it), and the researchers presented their work at the conference. Nonetheless, after they heard about it, the Android team decided to remotely delete remaining copies of the app as part of a “cleanup” process. Affected users received notifications.

I can see why they wanted to do that. A report documenting Android vulnerabilities was recently released, and it’s caused some hand-wringing over Android’s security. There’s also no sense in leaving a loaded weapon laying around. And I’m glad they told both customers and everyone else that they’d deleted the apps. Still, I do worry about the removal of an app that isn’t actually harming any machines. More generally, I think that if Android is going to stick to the plan to not pre-screen apps and have an open system, they and we are going to have to think seriously — more seriously than Apple has had to — about the ethics of the kill switch. Questions like whether there should there ever be an opt-out, whether users should get refunds, and whether it should be used in cases other than damaging viruses are all still wide open.

And a few quick links:

Leaked MS Presentation Shows App Store Plans For Windows 8. Why all this thinking about app stores and kill switches matters: there are already plans to transfer the app store model from phones to PCs, where the arguments about the virtues and harms of contingent generativity have even more salience.

Google’s mismanagement of the Android Market. Jon Lech Johansen thinks the lack of pre-screening is hurting Google and Android.

Did Apple Flip the iOS Kill Switch on NDrive? Wait, has Apple already used the kill switch?

New zombie code in effect by December. Here’s a totally different option for improving security: let users keep open PCs, but if they become infected, have their ISPs quarantine them or reduce their internet speed to a crawl. That way, users will have to get their computers fixed and can’t keep infecting others. Internet Industry Association CEO Peter Coroneos said of the plan: “I’m sure there are people around that resent having to put new tyres on their car when they’re unroadworthy, or have their breaks done . . . But the reality is that we have argued that internet users have a responsibility not only to themselves, but also to other users on the internet.” The code will be made available to Australian ISPs soon.

One Brown Package: From Seattle to Norway. Why we love the internet in the first place: unexpected avenues for fun, creativity and kindness (here, in the form of people working to get a package from Seattle to Norway). They claim inspiration from JZ’s TED talk on the web on random acts of kindness.  The package is currently reported as missing.

—By Elisabeth Oppenheimer

Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Online newspapers to modify anonymous comment policies. Several major online news sites are considering or implementing changes in their approach to user comments.  There has been a trend toward requiring users to register, establishing ranking systems to identify trusted users, and highlighting the comments of those willing to use their real names, all in an attempt to hold commenters accountable for their statements and discourage vitriol.  Linking identity with posted opinions facilitates a reputation system to mitigate abuses of anonymity online (other examples of such strategies, and their risks, are discussed in the book).  Here it serves both to cement a user’s responsibly for his or her comments and maintain the status of a particular news site as a respected forum for discussion.

In the department of really freaky things: 80legs. 80legs pays developers to embed a bit of code in their programs to turn the user’s computer into a bot. But unlike all the malicious code that does the same thing, this one purports allow 80legs to use the botnet for good (for their web-crawling services), and is theoretically disclosed to the users. I’m skeptical—especially since, as one example indicates, the “disclosure” may be a few lines buried way down in the TOS. And who monitors whether 80legs is in fact doing good?

Crowdsourced Art. On the ubicomp front, Amazon Mechanical Turk can be used to create cool works of mass art. If you follow the link to artist Aaron Koblin’s website (who also kindly guested in last winter’s Stanford/HLS cyberlaw class), the Sheep Market is my favorite (although there was some debate about it).

Mark Fiore can win a Pulitzer Prize, but he can’t get his iPhone cartoon app past Apple’s satire police. Pulitzer-prize winning political cartoonist has his app bounced by Apple for…mocking political figures. Oh, come on. One interesting thing: this has apparently happened several times before with cartoonists; each time, there was an outcry, and Apple relented. Fiore himself isn’t arguing with Apple—he’s just sitting back and waiting for the reversal. Maybe this is the real App Store model: reject broadly, accept anything the public deems important enough to make a fuss about.

And a few links on the iPad:

The Kids Are All Right. An unusually thoughtful post on the iPad/Pod/Phone tradeoffs: the technology isn’t as generative, but distribution can be much simpler.

The Apple Two. Apple introduced the original generative PC, and is now doing away with that generativity with the iPad, among other devices. Tim Wu explains that this isn’t about a change in “Apple’s” ethos: it’s Steve Jobs’ ascendancy over Steve Wozniak.

The iPad Luddites. One more meditation on the iPad, generativty, and the inevitability of technological change. Carr points out that “[i]t’s useful to remember that the earliest radios were broadcasting devices as well as listening devices and that the earliest phonographs could be used for recording as well as playback,” and that the evolution from primitive to refined devices nearly always comes with a generativity loss. But the question is whether that loss is inevitable, whether there’s a salient difference between the PC/Internet combo and the radio, and whether we can hope for some generative and general-purpose device that tinkerers will turn to if the PC becomes more locked down.

—By Jennifer Halbleib and Elisabeth Oppenheimer

Whoops: Five days later, Steve Jobs announced modified Apple developer rules banning use of “intermediary” tools such as Air—in other words, there will be no more cross-platform development. Adobe employees: not happy.

This is starting to sound pretty antitrust-y. It’s hard to think of any logical reason Apple cares where an app’s code originates—unless, of course, it just wants to hurt Adobe at every turn. Unfortunately, it’s been hard to find knowledgeable people analyzing actual antitrust law—anyone know of a good blog? (For what it’s worth, this old post from the Antitrust Law Blog indicates that the tech sector, including Apple, is under heavier scrutiny from the DOJ and FTC.)

Not surprisingly, there are rumors a lawsuit is brewing.

As usual, there’s another chapter in this saga: Flash translation. In a related but not identical story, Apple has long been hostile to Adobe’s Flash multimedia platform, citing stability and security concerns for refusing to offer Flash support for the iPhone and iPad. This puts websites that use Flash in a tough spot and limits iUsers’ access to content—75% of web video according to Adobe. Enter RipCode, which has developed a server-side translator solution. If an iPhone user attempts to access a Flash video, the “transcoder” detects the platform and translates the video into a compatible format. Since the transcoder is run off the website’s server, it doesn’t require Apple’s approval. Assuming it’s reliable, this is a nice example of a how the generative web allows enterprising developers to solve problems (or, depending on your point of view, do end-runs around the rules).

—By Jennifer Halbleib and Elisabeth Oppenheimer

Security Theory to Practice. Ross Anderson has assembled a resource with links on the myriad dimensions of psychology and security.  A sampling includes why we as users discount some risks and overestimate others, how scams ensnare us, what conditions lead us to disclose private information, and ways to make security measures usable for the average person so that they actually get used and protect the greater internet community.  Interesting and practical.

Humiliating the Pirates. In a digital adaptation of medieval stocks, the Japanese gaming company Overflow released a fake installer for its erotic game Cross Days online that contains malicious code to acquire the information of people who try to use the installer to pirate the game.  That information is then posted online until the transgressor accepts responsibility for stealing the game.  It’s unclear whether the humiliation stems from being victimized—do those who play the game generally consider themselves too smart to download a trojan?—or from being exposed as a player of erotic video games.  If the latter, will the website where user information is posted receive enough traffic (besides others who play the game, who presumably won’t “out” those posted to the world if it would expose their own identity as well) to serve as a public town square?  It also seems less legitimate as an anti-piracy tactic since the company itself is making the “pirated” program available online.

Hunch Preview. Buzz-generating start-up Hunch has launched a Twitter Predictor tool that examines a Twitter user’s account profile—who follows and is followed—and predicts the answer to a series of questions, apparently with over 80% accuracy.  The tool is intended to publicize the utility of Hunch’s forthcoming API to provide personalized recommendations.  Another example of evolving privacy norms, we as users are willing to turn over some personal data (by filling out a “taste profile” to use the service from which Hunch’s algorithm extrapolates additional information) for greater convenience.

Hacker Disables More Than 100 Cars Remotely. Even cars can be tethered appliances! A Cleveland-based company “encourages” people who have been habitually late with car payments to be more timely by remotely triggering incessant horn honking or disabling the car’s ignition when payments aren’t made. This went badly amiss when a laid-off employee of the company took revenge by remotely bricking or sounding the horns of 100+ cars.

Rebecca MacKinnon’s Testimony at the Congressional-Executive Commission on China’s hearing on “China, the Internet, and Google.” In light of the fast-evolving Google-China saga, MacKinnon’s analysis of the multi-tiered problems in China and possible solutions makes for a good read. Among other things, she claims the Chinese government has hired 280,000 people to “astroturf”—that is, support the government’s views in cyberfora. (The specific number comes from research by David Bandurski, which is unfortunately behind a pay wall.) We’ve covered small-scale astroturfing on this blog, but nothing close to that size or coordination.

Facebook Threatens Greasemonkey Script Writer. A developer came up with the bright idea of writing a Greasemonkey script (that is, one that works through the user’s Firefox browser) to remove all that useless stuff from your Facebook feed—quizzes, Mafia Wars, etc. According to the developer, Facebook abruptly killed the fan page, and is now rolling out code that messes up the Greasemonkey script. If that’s true (and that’s not clear to me; we only have one side of the story) it strikes me as overreaching—Facebook can control its site, but shouldn’t be able to control your browser.

Eleventh Circuit Decision Largely Eliminates Fourth Amendment Protection in E-Mail. As the title of this well-done Volokh conspiracy post suggests, don’t expect to defeat a government search of your email if you live in the Eleventh Circuit. The decision tracks the discussion in chapter 8 of the book, but comes to a harsher conclusion—even e-mail stored locally isn’t safe from government seizure once a copy of it has been delivered elsewhere.

Finally, there are a few new thoughts posted in the comments of the EchoStar/TiVo post.

—By Elisabeth Oppenheimer and Jennifer Halbleib

• Developers are banned from making public statements about the terms of the Agreement.
• Apps developed with the SDK can only be publicly distributed through the App Store and at Apple’s discretion.
• Reverse engineering (including what is considered fair use under copyright law) is prohibited.
• Developers cannot create an application or program that would interfere with any Apple product, not just the iPhone.
• Apple’s liability to a developer is limited to $50.
• Apple can revoke/kill an App at any time.

Google’s Android Software Development Kit License Agreement is very different from its iPhone counterpart.  Not only is there no ban on public statements, but the Agreement is itself publicly available online.  In addition, as we knew, developers don’t have to distribute apps through the Android Market or get Google’s pre-approval if they do (though Google can remove an app if it’s a security risk or violates the Agreement).  If developers don’t use the Market, Google doesn’t take a cut of the profits.

These differences can significantly affect development of the smartphone ecosystem.  On one hand there is the iPhone walled garden, aesthetic and secure but limited; on the other is the wide world of Android, with great potential for variety but also unknown risks, where rules exist, but enforcement is responsive, not preemptive.

Both models may end up coexisting, each phone attracting its own set of users.  Those choosing Android would be willing potentially to sacrifice some security – or take some responsibility for ensuring that what they install on their phone is safe – for novel functions and greater utility, not to mention the cutting-edge cool apps.  iPhone users would opt for a carefully curated set of verified apps at the expense of the most innovative, and riskiest, apps.  Apps that are both useful and safe may transition between platforms, established on Android and subsequently accepted on a case-by-case basis for the iPhone.  Apple may use Android as a testing ground to prove the security of apps that violate iPhone’s strict guidelines but are useful enough to warrant an exception.

Conversely, one of the models may be adopted entirely, the other fading from prominence into history.  For Android to prevail, developers must continue to grow the Market and users judge innovation worth the security risks.  Google itself can maximize this tradeoff by encouraging good apps and vigilantly removing dangerous ones.  But it also requires developers and users to take some responsibility.  Developers by self-policing can prevent the Market from turning into a minefield for users, both by designing secure apps themselves and using the developer community forums to maintain standards across developers within the Market.  Users will have to think before they download and provide feedback to the Market should something go wrong (or right) that can be incorporated into the decisions of other users.  In this scenario, Android would supersede the iPhone much as the Internet replaced AOL and CompuServe.

Alternatively, the iPhone may poach Android to extinction by pilfering all the best apps that Android has tested, leaving only the harmful or useless apps in Android’s exclusive domain.  Or one of JZ’s concerns may materialize – the government may realize the potential for easy control and mandate tethering or users may prefer security to generativity and choose to be penned and shepherded by Apple.

It will be interesting to see how all the players – Apple, Google, developers, users, governments, and watchdogs – influence which story prevails.  Right now, the divergence between the paths forged by Apple and Google is broad.  Will the future follow one or strike out down some middle ground?

–by Jennifer Halbleib

The details: I found myself in the hospital last Thursday thanks to unexplained fevers that spiked at night and were gone by day.  After a bunch of tests my unfailingly conscientious doctor recommended (well, insisted) I get to the hospital for yet more.  By Friday morning I was apparently a very interesting case — offering symptoms that were both general enough (just the fevers) and worrisome enough (a couple numbers very off on some blood tests) that no one could figure out what was going on (put in medicalese that I’m rapidly learning enough of to be dangerous, there was a large “differential diagnosis”) — and yet there was some sense of urgency, especially if what I had was an infection that could go systemic.

Friday afternoon resulted in a procedure that looked to be moderately serious (both it and what kind of infection they were expecting to find), and by Saturday morning people were even more puzzled: there was no infection yet found, but the fevers remained.  (In the meantime, none of the immediate risks from the procedure materialized.)  A friend started a blog to keep friends and family updated, under a light password, and then a colleague had the inspired idea of asking a medical blog to put out a gentle call to its audience — primarily doctors — to help in the diagnosis given what a tough nut it was to crack.  I mean — I do believe that many eyes make all bugs shallow, and the truly fantastic team of doctors here was OK with a blog being kept.  (The case has involved, from what I can tell, multiple specialties from across the hospital and beyond, and every single doctor I’ve encountered, including the hospitalist who manages the case, has been fearsomely smart and intensely engaged.)

The password went away, and initials were used for me — we didn’t use my name because it wasn’t important who I was, and there was no reason to make a few days’ blogging of health issues googleable with my name as a search term forever!  (I know, here I am blogging, but …)

Sunday morning Lessig tweeted that JZ was ill and why was a mystery — all true.  The blog produced some amazingly helpful comments from people and doctors at large, including references to two discrete academic journal articles — one from a Korean medical journal from 1994!  Thanks to the Net I had a copy on my PC and then e-faxed to the nurse’s station on my floor in a matter of minutes.  In the meantime, over the course of today (Monday the 15th), additional results have come back to help narrow the diagnosis in a properly documentable and formal way — one that’s converging, it seems, to the obscure Korean article.  To be clear, the terrific doctors here have been methodically arriving at this diagnosis already.

If that is indeed the diagnosis — and more tests are needed to rule out some other long-tail possible causes — the prognosis is good — certainly much better than some of the diagnoses floating around last week!

Fast forward to about an hour ago, when the good folks at BoingBoing echoed Lessig’s call for assistance — drawn from an intermediate source that had already put 2 and 2 together and turned Lessig’s “JZ” into … me, no doubt without even thinking there was any difference.  So then it became: “Jonathan Zittrain is really sick and needs help finding out why!”  I hope you can see from the full context that that’s both true — it’s a transformation of a tweet that was true at the time, though not meant to be bounced to the whole Net, which is why I hadn’t tweeted it myself — and yet also now false/irrelevant: the diagnostic phase is drawing to a close, and the kind of out-of-the-box brainstorming we’d hoped to draw from targeted crowdsourcing had, wonderfully, happened.

There’s been no desire to trumpet to everyone that I’m illin’, nor any need to do something like raise $100,000 for a transplant or find a matching marrow donor through a distributed appeal to the world.

So — I need to practice what I believe and write about in places like The Future of the Internet, Chapter 9, paragraph 91.  : )  (I hate to post something not topical about the Internet on this blog … and those who know me or follow my work know that I don’t tend to put much of my personal life into either my blog or my tweeting.  Honestly, I’ve yet to figure out how to navigate that line.)  Trying to put a cat back in the bag is not easy, and I’m no fan of the memory hole.

That’s why I’m posting this now — BoingBoing has kindly taken down the post (since the call for help was no longer timely, and because I hadn’t previously been identified), and the friends-and-family blog about my daily adventures in the hospital (no complaints at all about the hospital experience, actually!) will end up back behind a password in the obscurity where it belongs.

I’ll try to be responsive to comments if any are left here, and want to close with a heartfelt thanks to those who have helped sort out this truly puzzling situation, and who have shared their good vibes and support.

See you soon at some conference where I’ll try to scare you about the iPhone even as I use one myself,
JZ
aka Jonathan Zittrain

Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer

Mike Petrucci’s AppMakr Saga. Mike Petrucci decided to use AppMakr to put together an app aggregating his Twitter, blog, etc, feeds…only to have Apple reject it because it wasn’t of general interest. That’s a big difference between iPhone apps and, say, web apps (blogger has definitely never rejected someone for being of limited interest). It’ll be interesting to see what line Apple decides to take on this, and how AppMakr and similar companies push them.

Apple orders Android mention scrubbed from App Store. Speaking of Apple…they order a developer to take “Finalist in Google Android’s Developer’s Challenge!” out of the description of its app. Just silly.

In Europe, Challenges for Google. Much attention has been paid to Google’s business in China, but Europe (particularly Italy) poses difficulties, too—different copyright laws, different privacies laws, and different free speech traditions.

Google Buzz Privacy Issues Have Real Life Implications. However, Google has more pressing privacy concerns to worry about this week, with the rollout and reaction to Google Buzz. Google generally does just fine releasing a half-baked product and cleaning up the details later, but that’s a terrible idea when the rollout includes auto-sharing previously private information. It’s disturbing that this concern made it past however many rounds of internal testing Google did.

—Elisabeth Oppenheimer