November 23, 2024

Posts Comments

Lessons from Amazon's 1984 Moment

July 20, 2009 by

Amazon got some well-deserved criticism for yanking copies of Orwell’s 1984 from customers’ Kindles last week. Let me spare you the copycat criticism of Amazon — and the obvious 1984-themed jokes — and jump right to the most interesting question: What does this incident teach us?

Human error was clearly part of the problem. Somebody at Amazon decided that repossessing purchased copies of 1984 would be a good idea. They were wrong about this, as both the public reaction and the company’s later backtracking confirm. But the fault lies not just with the decision-maker, but also with the factors that made the decision more likely, including some aspects of the technology itself.

Some put the blame on DRM, but that’s not the problem here. Even if the Kindle used open formats and let you export and back up your books, Amazon could still have made 1984 disappear from your Kindle. Yes, some users might have had backups of 1984 stored elsewhere, but most users would have lost their only copy.

Some blame cloud computing, but that’s not precisely right either. The Kindle isn’t really a cloud device — the primary storage, computing and user interface for your purchased books are provided by your own local Kindle device, not by some server at Amazon. You can disconnect your Kindle from the network forever (by flipping off the wireless network switch on the back), and it will work just fine.

Some blame the fact that Amazon controls everything about the Kindle’s software, which is a better argument but still not quite right. Most PCs are controlled by a single company, in the sense that that company (Microsoft or Apple) can make arbitrary changes to the software on the PC, including (in principle) deleting files or forcibly removing software programs.

The problem, more than anything else, is a lack of transparency. If customers had known that this sort of thing were possible, they would have spoken up against it — but Amazon had not disclosed it and generally does offer clear descriptions of how the product works or what kinds of control the company retains over users’ devices.

Why has Amazon been less transparent than other vendors? I’m not sure, but let me offer two conjectures. It might be because Amazon controls the whole system. Systems that can run third-party software have to be more open, in the sense that they have to tell the third-party developers how the system works, and they face some pressure to avoid gratuitous changes that might conflict with third-party applications. Alternatively, the lack of transparency might be because the Kindle offers less functionality than (say) a PC. Less functionality means fewer security risks, so customers don’t need as much information to protect themselves.

Going forward, Amazon will face more pressure to be transparent about the Kindle technology and the company’s relationship with Kindle buyers. It seems that e-books really are more complicated than dead-tree books.

Filed Under: Uncategorized Tagged With: , , ,

If You're Going to Track Me, Please Use Cookies

July 7, 2009 by

Web cookies have a bad name. People often complain — with good reason — about sites using cookies to track them. Today I want to say a few words in favor of tracking cookies.

[Technical background: An HTTP “cookie” is a small string of text. When your web browser gets a file from a site, the site can send along a cookie. Your browser stores the cookie. Later, if the browser gets another file from the same site, the browser will send along the cookie.]

What’s important about cookies, for our purposes, is that they allow a site to tell when it’s seeing the same browser (and therefore, probably, the same user) that it saw before. This has benign uses — it’s needed to implement the shopping cart feature of e-commerce sites (so the site knows which cart is yours) and to remember that you have logged in to a site so you don’t have to log in over and over.

The dark side of cookies involves “hidden” sites that track your activities across the web. Suppose you go to A.com, and A.com’s site includes a banner ad that is provided by the advertising service AdService.com. Later, you go to B.com, and B.com also includes a banner ad provided by AdService.com. When you’re reading A.com and your browser goes to AdService.com to get an ad, AdService.com gives you a cookie. Later, when you’re reading B.com and your browser goes back to AdService.com to get an ad, AdService.com will see the cookie it gave you earlier. This will allow AdService.com to link together your visits to A.com and B.com. Ad services that place ads on lots of sites can link together your activities across all of those sites, by using a “tracking cookie” in this way.

The obvious response is to limit or regulate the use of tracking cookies — the government could limit them, industry could self-regulate, or users could shun sites that associate themselves with tracking cookies.

But this approach could easily backfire. It turns out that there are lots of ways for a site to track users, by recognizing something distinctive about the user’s computer or by placing a unique marker on the computer and recognizing it later. These other tracking mechanisms are hard to detect — new tracking methods are discovered regularly — and unlike cookies they can be hard for users to manage. The tools for viewing, blocking, and removing cookies are far from perfect, but at least they exist. Other tracking measures leave users nearly defenseless.

My attitude, as a user, is that if a site is going to track me, I want them to do it openly, using cookies. Cookies offer me less transparency and control that I would like, but the alternatives are worse.

If I were writing a self-regulation code for the industry, I would have the code require that cookies be the only means used to track users across sites.

Filed Under: Uncategorized Tagged With:

CITP Announces 2009-10 Visitors

June 29, 2009 by

Today, I’m pleased to announce CITP’s visitors for the upcoming academic year.

Deven R. Desai, Visiting Fellow: Deven is an Associate Professor of Law at the Thomas Jefferson School of Law, and a permanent blogger at Concurring Opinions. Professor Desai’s scholarship centers on intellectual property, information theory, and Internet-related law. He plans to work on a major project exploring the ways trademark law can foster, or limit, online innovation.

James Katz, Visiting Fellow. Jim is Professor, Chair of the Department of Communication, and Director of the Center for Mobile Communication Studies at Rutgers, where he holds the University’s highest professorial rank. He has devoted much of his career to exploring the social consequences of new communication technology, especially the mobile phone and Internet. Currently he is looking at how personal communication technologies can be used by teens from urban environments to engage in informal science and health learning. This research is being carried out through an NSF-sponsored project with New Jersey’s Liberty Science Center.

Rebecca MacKinnon, Visiting Fellow (spring term): Rebecca is an Assistant Professor at the University of Hong Kong’s Journalism and Media Studies Centre. She is currently on leave, as an Open Society Fellow, to work on a book tentatively titled “Internet Freedom and Control: Lessons from China for the World.” She will spend the spring 2010 semester at CITP, continuing to work on the book. Rebecca is a cofounder of Global Voices, a founding member of the Global Network Initiative, and a former television journalist, having served as CNN’s bureau chief in Beijing and, later, Tokyo.

Jens Grossklags, Postdoctoral Research Associate: Jens, a new PhD from the UC Berkeley School of Information, studies information economics and technology policy. He focuses on the intersection of privacy, security, and network systems. His approach is highly interdisciplinary, combining economics, computer science, and public policy. Currently, he is investigating the ways institutions and end users make decisions about complex computer security risks under conditions of uncertainty and limited information.

Joseph Lorenzo Hall, Visiting Postdoctoral Research Associate: Joe, whose work is supported by the NSF ACCURATE Center, also earned his PhD from the UC Berkeley School of Information. His dissertation examined public policy mechanisms for making computerized voting systems more transparent. He continues to work along the same lines, drawing lessons from voting machines, gaming machines and other technologies on how to best protect users from error and malicious activity.

In addition to these full time appointments, the Center will also welcome two Visiting Research Collaborators on an occasional basis: Alex Halderman, an Assistant Professor of Computer Science at the University of Michigan (and recently in the news for his research group’s analysis of China’s Green Dam software), and David Lukens, an attorney who has been collaborating on the Center’s transparency work.

Filed Under: Uncategorized Tagged With: ,

U.S. Objects to China's Mandatory Green Dam Censorware

June 25, 2009 by

Yesterday, the U.S. Commerce Secretary and Trade Representative sent a letter to China’s government, objecting to China’s order, effective July 1, to require that all new PCs sold in China have preinstalled the Green Dam Youth Escort censorware program.

Here’s today’s New York Times:

Chinese officials have said that the filtering software, known as Green Dam-Youth Escort, is meant to block pornography and other “unhealthy information.”

In part, the American officials’ complaint framed this as a trade issue, objecting to the burden put on computer makers to install the software with little notice. But it also raised broader questions about whether the software would lead to more censorship of the Internet in China and restrict freedom of expression.

The Green Dam requirement puts U.S.-based PC companies, such as HP and Dell, in a tough spot: if they don’t comply they won’t be able to sell PCs in China; but if they do comply they will be censoring their customers’ Internet use and exposing customers to serious security risks.

There are at least two interesting new angles here. The first is the U.S. claim that China’s action violates free trade agreements. The U.S. has generally refrained from treating China’s Internet censorship as a trade issue, even though U.S. companies have often found themselves censored at times when competing Chinese companies were not. This unequal treatment, coupled with the Chinese government’s reported failure to define clearly which actions trigger censorship, looks like a trade barrier — but the U.S. hasn’t said much about it up to now.

The other interesting angle is the direct U.S. objection to censorship of political speech. For some time, the U.S. has tolerated China’s government blocking certain political speech in the network, via the “Great Firewall“. It’s not clear exactly how this objection is framed — the U.S. letter is not public — but news reports imply that political censorship itself, or possibly the requirement that U.S. companies participate in it, is a kind of improper trade barrier.

We’re heading toward an interesting showdown as the July 1 date approaches. Will U.S. companies ship machines with Green Dam? According to the New York Times, HP hasn’t decided, and Dell is dodging the question. The companies don’t want to lose access to the China market — but if U.S. companies participate so directly in political censorship, they would be setting a very bad precedent.

Filed Under: Censorship & Filtering Tagged With: , ,

My Testimony on Behavioral Advertising: Post-Mortem

June 23, 2009 by

On Thursday I testified at a House hearing about online behavioral advertising. (I also submitted written testimony.)

The hearing started at 10:00am, gaveled to order by Congressman Rush, chair of the Subcommittee on Commerce, Trade, and Consumer Protection. He was flanked by Congressman Boucher, chair of the Subcommittee on Communications, Technology, and the Internet , and Congressmen Steans and Radanovich, the Ranking Members (i.e., the highest-ranking Republican members) of the subcommittees.

First on the agenda we had opening statements by members of the committees. Members had either two or five minutes to speak, and the differing perspectives of the members became clear during these statements. The most colorful statement was by Congressman Barton, who supplemented his interesting on-topic statement with a brief digression about the Democrats vs. Republicans charity baseball game which was held the previous day. The Democrats won, to Congressman Barton’s chagrin.

After the opening statements, the chair recessed the hearings, so the Members could go to the House floor to vote. Members of the House must be physically present in the House chamber in order to vote, so it’s not unusual for hearings to recess when there is a floor vote. The House office buildings have buzzers, not unlike the bells that mark the ends of periods in a school, which alert everybody when a vote starts. The Members left the hearing room, and we all waited for the vote(s) to end, so our hearing could resume. The time was 10:45 AM.

What happened next was very unusual indeed. The House held vote after vote, more than fifty votes in total, as the day stretched on, hour after hour. They voted on amendments, on motions to reconsider the votes on the amendments, on other motions — at one point, as far as I could tell, they were voting on a motion to reconsider a decision to table an appeal of a procedural decision of the chair. To put it bluntly, the Republicans were staging a kind of work stoppage. They did this, I hear, to protest an unusual procedural limitation that the Democrats had placed on the handling of the appropriations bill that was currently before the House. I don’t know enough about the norms of House procedure to say which party had the better argument here — but I do know that the recess in our hearing lasted eight and a half hours.

These were not the most exciting eight and a half hours I have experienced. As the day stretched on, we did get a chance to wander around and do a little light tourism. Probably the highlight was when we saw Angelina Jolie in the hallway.

When we reconvened at 7:15 PM, the room, which had been overflowing with spectators in the morning, was mostly empty. The members of the committees, though, made a pretty good showing, which was especially impressive given that it was Thursday evening, when many Members hightail it back home to their districts. Late in the day, after a day that must have been frustrating for everybody, we sat down to business and had a good, substantive hearing. There were no major surprises — there rarely are at hearings — but everyone got a chance to express their views, and the members asked substantive questions.

Thinking back on the hearing, I did realize one thing that may have been missing. The panel of witnesses included three companies, Yahoo, Google, and Facebook, that are both ad services and content providers. There was less attention to situations where the ad service and the content provider are separate companies. In this latter case, where the ad service does not have a direct relationship with the consumer, so the market pressure on the ad service to behave well is attenuated. (There is still some pressure, through the content provider, who wants to stay in the good graces of consumers, but an indirect link is not as effective as a direct one would be.) Yahoo, Google, and Facebook are household names, and we would naturally expect them to pay more careful attention to the desires of consumers and Congress than lower-profile ad services would.

Witnesses have the opportunity to submit further written testimony. Any suggestions on what I might discuss?

Filed Under: Uncategorized Tagged With: ,