April 18, 2014

avatar

Google Threatens to Leave China

The big news today is Google’s carefully worded statement changing its policy toward China. Up to now, Google has run a China-specific site, google.cn, which censors results consistent with the demands of the Chinese government. Google now says it plans to offer only unfiltered service to Chinese customers. Presumably the Chinese government will not allow this and will respond by setting the Great Firewall to block Google. Google says it is willing to close its China offices (three offices, with several hundred employees, according to a Google spokesman) if necessary.

This looks like a significant turning point in relations between U.S. companies and the Chinese government.

Before announcing the policy change, the statement discusses a series of cyberattacks against Google which sought access to Google-hosted accounts of Chinese dissidents. Indeed, most of the statement is about the attacks, with the policy change tacked on the end.

Though the statement adopts a measured tone, it’s hard to escape the conclusion that Google is angry, presumably because it knows or strongly suspects that the Chinese government is responsible for the attacks. Perhaps there are other details, which aren’t public at this time, that further explain Google’s reaction.

Or maybe the attacks are just the straw that broke the camel’s back — that Google had already concluded that the costs of engagement in China were higher than expected, and the revenue lower.

Either way, the Chinese are unlikely to back down from this kind of challenge. Expect the Chinese government, backed by domestic public opinion, to react with defiance. Already the Chinese search engine Baidu has issued a statement fanning the flames.

We’ll see over the coming days and weeks how the other U.S. Internet companies react. It will be interesting, too, to see how the U.S. government reacts — it can’t be happy with the attacks, but how far will the White House be willing to go?

Please, chime in with your own opinions.

[UPDATE (Jan. 13): I struck the sentence about Baidu's statement, because I now have reason to believe the translated statement I saw may not be genuine.]

avatar

Watching Google's Gatekeepers

Google’s legal team has extraordinary power to decide which videos can be seen by audiences around the world, according to Jeffrey Rosen’s piece, Google’s Gatekeepers in yesterday’s New York Times magazine. Google, of course, owns YouTube, which gives it the technical ability to block particular videos — though of course so many videos are submitted that it’s impractical to review them all in advance.

Some takedown requests are easy — content that is offensive and illegal (almost) everywhere will come own immediately once a complaint is received and processed. But Rosen focuses on more difficult cases, where a government asks YouTube to take down a video that expresses dissent or is otherwise inconvenient for that government. Sometimes these videos violate local laws, but more often their legal status is murky and in any case the laws in question may be contrary to widely accepted free speech principles.

Rosen worries that too much power to decide what can be seen is being concentrated in the hands of one company. He acknowledges that Google has behaved reasonably so far, but he worries about what might happen in the future.

I understand his point, but it’s hard to see an alternative that would be better in practice. If Google, as the owner of YouTube, is not going to have this power, then the power will have to be given to somebody else. Any nominations? I don’t have any.

What we’re left with, then, is Google making the decisions. But this doesn’t mean all of us are out in the cold, without influence. As consumers of Google’s services, we have a certain amount of leverage. And this is not just hypothetical — Google’s “don’t be evil” reputation contributes greatly to the value of its brand. The moment people think Google is misbehaving is the moment they’ll consider taking their business elsewhere.

As concerned members of the public — concerned customers, from Google’s viewpoint — there are things we can do to help keep Google honest. First, we can insist on transparency, that Google reveal what it is blocking and why. Rosen describes some transparency mechanisms that are in place, such as Google’s use of the Chilling Effects website.

Second, when we use Google’s services, we can try to minimize our switching costs, so that moving to an alternative service is a realistic possibility. The less we’re locked in to Google’s service, the less we’ll feel forced to keep using those services even if the company’s behavior changes. And of course we should think carefully about switching costs in all our technology decisions, even when larger policy issues aren’t at stake.

Finally, we can make sure that Google knows we care about free speech, and about its corporate behavior generally. This means criticizing them when they slip up, and praising them when they do well. Most of all, it means debating their decisions — which Rosen’s article helpfully invites us to do.

avatar

Economic Growth, Censorship, and Search Engines

Economic growth depends on an ability to access relevant information. Although censorship prevents access to certain information, the direct consequences of censorship are well-known and somewhat predictable. For example, blocking access to Falun Gong literature is unlikely to harm a country’s consumer electronics industry. On the web, however, information of all types is interconnected. Blocking a web page might have an indirect impact reaching well beyond that page’s contents. To understand this impact, let’s consider how search results are affected by censorship.

Search engines keep track of what’s available on the web and suggest useful pages to users. No comprehensive list of web pages exists, so search providers check known pages for links to unknown neighbors. If a government blocks a page, all links from the page to its neighbors are lost. Unless detours exist to the page’s unknown neighbors, those neighbors become unreachable and remain unknown. These unknown pages can’t appear in search results — even if their contents are uncontroversial.

When presented with a query, search engines respond with relevant known pages sorted by expected usefulness. Censorship also affects this sorting process. In predicting usefulness, search engines consider both the contents of pages and the links between pages. Links here are like friendships in a stereotypical high school popularity contest: the more popular friends you have, the more popular you become. If your friend moves away, you become less popular, which makes your friends less popular by association, and so on. Even people you’ve never met might be affected.

“Popular” web pages tend to appear higher in search results. Censoring a page distorts this popularity contest and can change the order of even unrelated results. As more pages are blocked, the censored view of the web becomes increasingly distorted. As an aside, Ed notes that blocking a page removes more than just the offending material. If censors block Ed’s site due to an off-hand comment on Falun Gong, he also loses any influence he has on information security.

These effects would typically be rare and have a disproportionately small impact on popular pages. Google’s emphasis on the long tail, however, suggests that considerable value lies in providing high-quality results covering even less-popular pages. To avoid these issues, a government could allow limited individuals full web access to develop tools like search engines. This approach seems likely to stifle competition and innovation.

Countries with greater censorship might produce lower-quality search engines, but Google, Yahoo, Microsoft, and others can provide high-quality search results in those countries. These companies can access uncensored data, mitigating the indirect effects of censorship. This emphasizes the significance of measures like the Global Network Initiative, which has a participant list that includes Google, Yahoo, and Microsoft. Among other things, the initiative provides guidelines for participants regarding when and how information access may be restricted. The effectiveness of this specific initiative remains to be seen, but such measures may provide leading search engines with greater leverage to resist arbitrary censorship.

Search engines are unlikely to be the only tools adversely impacted by the indirect effects of censorship. Any tool that relies on links between information (think social networks) might be affected, and repressive states place themselves at a competitive disadvantage in developing these tools. Future developments might make these points moot: in a recent talk at the Center, Ethan Zuckerman mentioned tricks and trends that might make censorship more difficult. In the meantime, however, governments that censor information may increasingly find that they do so at their own expense.

avatar

DMCA Week, Part I: How the DMCA Was Born

Ten years ago tomorrow, on October 28, 1998, the Digital Millennium Copyright Act was signed into law. The DMCA’s anti-circumvention provisions, which became 17 USC Section 1201, made it a crime under most circumstances to “circumvent a technological measure that effectively controls access to” a copyrighted work, or to “traffic in” circumvention tools. In the default case, the new law meant that a copyright holder who used DRM to control access to her copyrighted material could exercise broad new control over how her material was used. If an album or film were distributed with DRM allowing it to be played only on alternate Tuesdays, or only in certain geographic regions, then these limits enjoyed the force of law–to go around them might not involve a a violation of copyright per se, but it would involve circumventing the access control, an activity that the DMCA made a felony.

Over the course of this week, Freedom to Tinker will be taking stock of the DMCA. What do ten years’ experience tell us about this law in particular, and about technology law and policy more generally?

Today, I’ll focus on the law’s creation. It passed in the Senate by unanimous consent, and in the House by a voice vote. But as Jessica Litman, among others, has pointed out, there was a lively debate leading up to that seemingly consensus moment. As a starting point for discussion, I’ll briefly summarize chapters six through nine of her 2001 book, Digital Copyright: Protecting Intellectual Property on the Internet.

In the early days of the Clinton administration, as part of a broader effort to develop policy responses to what was then known as the “Information Superhighway,” a working group was convened under Patent Commissioner Bruce Lehman to suggest changes to copyright law and policy. This group produced a 267 page white paper in September 1995. It argued that additional protections were necessary because

Creators and other owners of intellectual property rights will not be willing to put their interests at risk if appropriate systems — both in the U.S. and internationally — are not in place to permit them to set and enforce the terms and conditions under which their works are made available in the NII [National Information Infrastructure] environment.

In its section on Technological Protection (from pages 230-234), the white paper offers the meat of its recommendation for what became section 1201, the anti-circumvention rules:

Therefore, the Working Group recommends that the Copyright Act be amended to include a new Chapter 12, which would include a provision to prohibit the
importation, manufacture or distribution of any device, product or component incorporated into a device or product, or the provision of any service, the primary purpose or effect of which is to avoid, bypass, remove, deactivate, or otherwise circumvent, without authority of the copyright owner or the law, any process, treatment, mechanism or system which prevents or inhibits the violation of any of the exclusive rights under Section 106. The provision will not eliminate the risk that protection systems will be defeated, but it will reduce it.

In its prediction that anti-circumvention law would “reduce” “the risk that protection systems will be defeated,” the white paper offers a concise statement of the primary rationale for section 1201. That prediction hasn’t panned out: the anti-circumvention rules were enacted, but did not meaningfully reduce the risk of defeat faced by DRM systems. The defeat of such systems is, despite the DMCA, a routine eventuality following their introduction.

As Professor Litman tells the story, the Lehman white paper’s recommendations met with domestic resistance, which prompted Lehman to “press for an international diplomatic conference in Geneva hosted by the World Intellectual Property Organizaton (WIPO).” The upshot was a new treaty incorporating many of the white paper’s elements. It required participating nations to “provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors… [to] restrict acts… which are not authorized by the authors concerned or permitted by law.”

Did this treaty actually require something like the DMCA? Before the DMCA’s passage, copyright law already included secondary liability for those who knowingly “induce, cause, or materially contribute to” the infringing conduct of another (contributory infringement liability), or who have the right and ability to control the infringing actions of another party and receive a financial benefit from the infringement (vicarious infringement liability). Clear precedent, and subsequent decisions like MGM v. Grokster confirm that creators of infringement-enabling technologies can be held liable under copyright law, even without the DMCA. Nonetheless, the treaty’s language was clearly intended by its American framers and promoters to provide a rationale for the DMCA’s anti-circumvention provisions.

One impact of this maneuver was to allow the DMCA to be promoted under the rubric of harmonization—aside from its merits as policy, DMCA proponents could claim that it was necessary in order to meet American treaty obligations. The fact that Clinton administration negotiators had been instrumental in creating the relevant international obligations in the first place was lost in the noise. And overall, America’s interest in meeting its international obligations in the intellectual property arena is quite strong. The economics of patents, rather than of copyright, dominate: U.S. patent holders in pharmaceuticals, high technology and elsewhere find themselves fighting foreign infringement. U.S. legislators are therefore apt to assign very high priority to encouraging global compliance with the intellectual property treaty regime, regardless of concerns they may have about the details of a particular measure.

A second long term impact was to lead to DMCA-like laws around the world. Other countries often took a narrow reading of the treaty obligation and declined, based on it, to adopt anti-circumvention rules. But, perhaps emboldened by the success of the international-negotiations-first approach to copyright, the U.S. executive branch has used free trade negotiations as a wedge to force other countries to adopt DMCA-like statutes. Anti-circumvention requirements make surprising cameos in the United States’s bilateral free trade agreements with Jordan, Singapore, Chile, Australia and several other countries (more information here).

What lessons can we draw from this experience? First, it is a cautionary tale about international law. One often hears appeals to international law, in domestic political debates, that attach special normative value to the fact that a given provision is required by a treaty. These appeals may be generally justified, but the DMCA/WIPO experience at least argues that they deserve to be evaluated critically rather than taken at face value. Second, it serves as a powerful reminder that the unanimous votes leading to the passage of the DMCA mask an intricate series of negotiations and controversies.

Thirdly, and most importantly, the globalized birth of the DMCA provides a cautionary tale for the future. The currently proposed ACTA (Anti-Counterfeiting Trade Agreement), is a next-generation treaty that would cover online piracy, among other matters. Its exact contents are under wraps–the public outcry and litigation that have surrounded the measure stem mostly from a leaked memo outlining possible principles for inclusion in the treaty. Proposals include creating or strengthening penalties for those who promote infringement non-commercially, and enhanced ability to seize and destroy infringing media at international borders. Absent the text of a proposed agreement, it’s hard to respond in detail to ACTA. But if the genesis of the DMCA teaches us anything, it is that these international agreements deserve close scrutiny. When an agreement is created in opaque, closed-door negotiations, and then presented to the legislature as a fait accompli, it deserves close and skeptical scrutiny.

avatar

Cheap CAPTCHA Solving Changes the Security Game

ZDNet’s “Zero Day” blog has an interesting post on the gray-market economy in solving CAPTCHAs.

CAPTCHAs are those online tests that ask you to type in a sequence of characters from a hard-to-read image. By doing this, you prove that you’re a real person and not an automated bot – the assumption being that bots cannot decipher the CAPTCHA images reliably. The goal of CAPTCHAs is to raise the price of access to a resource, by requiring a small quantum of human attention, in the hope that legitimate human users will be willing to expend a little attention but spammers, password guessers, and other unwanted users will not.

It’s no surprise, then, that a gray market in CAPTCHA-solving has developed, and that that market uses technology to deliver CAPTCHAs efficiently to low-wage workers who solve many CAPTCHAs per hour. It’s no surprise, either, that there is vigorous competition between CAPTCHA-solving firms in India and elsewhere. The going rate, for high-volume buyers, seems to be about $0.002 per CAPTCHA solved.

I would happily pay that rate to have somebody else solve the CAPTCHAs I encounter. I see two or three CAPTCHAs a week, so this would cost me about twenty-five cents a year. I assume most of you, and most people in the developed world, would happily pay that much to never see CAPTCHAs. There’s an obvious business opportunity here, to provide a browser plugin that recognizes CAPTCHAs and outsources them to low-wage solvers – if some entrepreneur can overcome transaction costs and any legal issues.

Of course, the fact that CAPTCHAs can be solved for a small fee, and even that most users are willing to pay that fee, does not make CAPTCHAs useless. They still do raise the cost of spamming and other undesired behavior. The key question is whether imposing a $0.002 fee on certain kinds of accesses deters enough bad behavior. That’s an empirical question that is answerable in principle. We might not have the data to answer it in practice, at least not yet.

Another interesting question is whether it’s good public policy to try to stop CAPTCHA-solving services. It’s not clear whether governments can actually hinder CAPTCHA-solving services enough to raise the price (or risk) of using them. But even assuming that governments can raise the price of CAPTCHA-solving, the price increase will deter some bad behavior but will also prevent some beneficial transactions such as outsourcing by legitimate customers. Whether the bad behavior deterred outweighs the good behavior deterred is another empirical question we probably can’t answer yet.

On the first question – the impact of cheap CAPTCHA-solving – we’re starting a real-world experiment, like it or not.

avatar

Counterfeits, Trojan Horses, and shady distributors

Last Friday, the New York Times published an article about counterfeit Cisco products that have been sold as if they were genuine and are widely used throughout the U.S. government.  The article also raised the concern that these counterfeits could well be engineered with malicious intent, but that this appears not to have been the case. There was an immediate Slashdot thread as well, but a number of issues are still worth commenting on.

First things first: the facts, as best we understand them.  The New York Times reports that approximately 3500 counterfeit Cisco components (worth $3.5M) have been discovered as a result of a two-year FBI investigation.  A Cisco spokesman is quoted saying that they found “no evidence of re-engineering.”  In other words, we’re talking about faithful knock-offs of legitimate products.

If you go to the FBI’s unclassified PowerPoint presentation (dated January 11, 2008), you’ll see all the actual information.  This is a fascinating read.  For starters, let’s talk about the cost.  The slides claim you can get a counterfeit router for approximately 1/6 the cost of a genuine router.  (You can do similarly well buying used gear on eBay.)  The counterfeit gear looks an awful lot like the genuine article.  Detecting differences here is as difficult as detecting counterfeit money, counterfeit Rolex watches, or counterfeit signatures from sports stars.  Given the apparent discrepancy between component cost and street value, we should be no more surprised to find knock-off Cisco gear than we are to find knock-off everything else.

Counterfeit vs. Original Cisco line card

It’s claimed that these counterfeits are built to lower manufacturing standards than the original equipment, causing higher failure rates. One even caught fire due to a faulty power supply.  Likewise, the fakers are making stupid errors, like building multiple components with the same MAC address.  (MAC addresses, by design, are meant to be unique – no two ever the same.)

The really interesting story is all about the supply chain. Consider how you might buy yourself a new Mac.  You could go to your local Apple store.  Or you could get it from any of a variety of other stores, who in turn may have gotten it from Apple directly or may have gone through a distributor.  Apparently, for Cisco gear, it’s much more complicated than that.  The U.S. government buys from “approved” vendors, who might then buy from multiple tiers of sub-contractors.  In one case, one person bought shady gear from eBay and resold it to the government, moving a total of $1M in gear before he was caught.  In a more complicated case, Lockheed Martin won a bid for a U.S. Navy project.  They contracted with an unauthorized Cisco reseller who in turn contracted with somebody else, who used a sub-contractor, who then directly shipped the counterfeit gear to the Navy. (The slides say that $250K worth of counterfeit gear was sold; duplicate serial numbers were discovered.)

Why is this happening?  The Government wants to save money, so they look for contractors who can give them the best price, and their contracts allow for subcontracts, direct third-party shipping, and so forth.  There is no serious vetting of this supply chain by either Cisco or the government. Apparently, Cisco doesn’t do direct sales except for high-end, specialized gear.  You’d think Cisco would follow the lead of the airline industry, among others, and cut out the distributors to keep the profit for themselves.

Okay, on to the speculation.  Both the New York Times and the FBI presentation concern themselves with Trojan Horses.  Even though there’s no evidence that any of this counterfeit gear was actually malicious, the weak controls in the supply chain make it awfully easy for such compromised gear to be sold into sensitive parts of the government, raising all the obvious concerns.

Consider a recent paper by U. Illinois’s Sam King et al. where they built a “malicious processor”.  The idea is pretty clever.  You send along a “secret knock” (e.g., a network packet with a particular header) which triggers a sensor that enables “shadow code” to start running alongside the real operating system.  The Illinois team built shadow code that compromised the Linux login program, adding a backdoor password.  After the backdoor was tripped, it would disable the shadow code, thus going back to “normal” operation.

The military is awfully worried about this sort of threat, as well they should be.  For that matter, so are voting machine critics. It’s awfully easy for “stealth” malicious behavior to exist in legitimate systems, regardless of how carefully you might analyze or test it. Ken Thompson’s classic paper, Reflections on Trusting Trust, shows how he designed a clever Trojan Horse for Unix.  [Edit: it's unclear that it ever got released into the wild.]

Okay everybody, let’s put on our evil hats.  If your goal was to get a Trojan Horse router into a sensitive military environment, how would you do it and how would it behave?  Clearly, the weak supply chain is an excellent vector for getting the gear into place.  Given the resources of a nation-state intelligence agency, you could afford to buy genuine Cisco parts and modify them, rather than using low-cost, counterfeit gear.  Nobody would detect you; you wouldn’t screw up and ship multiple boxes with the same serial number.

How will you implement your Trojan Horse logic?  Pretty much any gear you’ll ever find of any modest complexity will have software running inside it.  Even line cards have embedded processors of some sort.  For all that hardware, there’s software, and that’s what you’d go to install your logic bomb.  The increasing use of FPGAs in industrial designs means you could also “rewire” those parts to behave arbitrarily, much like the Illinois hack; you’d really want to get a hold of the original VHDL “source code”, leveraging your aforementioned spying prowess, to simplify the design and implementation of your malicious behavior.  Hacking the raw netlists (the FPGA-equivalent of machine code) would be possible, but would be far more painful. [See Sidebar.]

What sort of behavior would you build in?  The New York Times raises the idea of a kill switch.  I send your router a magic packet and it dies.  That’s too easy.  How about I send your router a magic packet, it then forwards it on to all of its peers, repeatedly, and then they all die a few seconds later?  That’s a pretty good denial of service attack (nevermind a plot device that was the basis of a popular science fiction television series). Alternatively, following the Illinois idea, we could imagine that the magic packet turns on a monitoring feature, allowing our intelligence agency to gather all kinds of information, reconfigure the router, and so forth.  If they don’t want to generate extra traffic, which might be detected, they could instead weaken the encryption of a VPN tunnel, perhaps publishing the session key through a subliminal channel of some sort, acquiring the ciphertext through “other” means.

In summary, it’s probably a good thing, from the perspective of the U.S. military, to discover that their supply chain is allowing counterfeit gear into production.  This will help them clean up the supply chain, and will also provide an extra push to consider just how much they trust the sources of their equipment to ship clean software and hardware.

[Sidebar: Xilinx supports a notion of "encrypting" a netlist.  Broadly speaking, the idea behind the technology is to encrypt the description of your FPGA configuration with a crypto key, such that anybody who reads the file out of your board gets encrypted garbage.  However, the FPGA has the key material to decrypt the configuration and then initialize itself normally.  This sort of technology is meant to serve an anti-piracy / anti-reverse-engineering purpose.  It could ostensibly also serve an anti-Trojan Horse purpose, although at that point it's really no more or less secure, semantically, than Microsoft's Authenticode.  This technology, more broadly, is also an active research area (see, for example, Roy et al.'s EPIC: Ending Piracy of Integrated Circuits).  Again, if we've got a nation-state intelligence service tampering with the system, none of this is going to provide meaningful protection for the end-user against Trojan Horses.]

avatar

One Laptop Per Child (New Version), Reviewed by 12-Year-Old

[Today we welcome back SG, a twelve-year-old who previously reviewed the B2 version of the One Laptop Per Child computer. SG had a chance to examine the latest (B4) version of the OLPC machine and write a new review. As before, the review is unedited, just as SG wrote it. – Ed]

After my first review, the administrators at OLPC were kind enough to send Mr. Felten the newer model of the computer, the B4, for me to review. The difference between the two models was quite dramatic. Between new games, new applications, design changes, and a few touch ups for the system, the B4 clearly outshines the B2. I didn’t even know about a bunch of problems in the B2 until they got fixed in the B4!

The minute I picked the new computer up, I saw the physical differences. There are bumps on the handle of the B4. The B2 has none. The flip- up antenna on the B2 was encased in hard plastic, and on the B4, it’s just thick rubber. The keyboards are pretty much the same, apart from a few minor differences along the top. Once I opened it up and started it, I noted how much quicker it booted up than the B2. Then I saw the icons. The B2 has less than half the icons than the B4, which has 13!

As for games, entertainment, and the internet, this computer has bountiful resources. There were many new and fun programs. One of them, called “Block party”, is just plain old tetris with a different name. As I am not really gifted in tetris, I had a lot of fun losing repeatedly. The internet was a lot better on this newer laptop. In my last review, I complained about how slow it was and how the connection was so-so. In the B4, both of those problems have been fixed. It is quick, always connects, and is really very nice. If you don’t want to go on the web to read the new Freedom to Tinker article, “News Reader” lets you subscribe to websites’ feeds. In the games category, “Connect” is a game which can only be played on two separate OLPC laptops . The game is a little like tick tack toe. If you’ve ever played “Connect 4”, that’s the same game. If you want to watch some video clip from the web, “watch and listen”, OLPC’s media player, has you covered. Want some music? Use “tamtam”. This application is similar to Garageband, but not quite the same. Last but not least is “Record”. On the B2, “record” just took pictures with an okay camera. On the B4, you can take pictures with a pretty good camera AND record video with no time limit (as far as I can tell). I was surprised and overjoyed to discover I could take video with the new one.

One of the coolest applications is called simply “Chat”. It is basically an IM-ish kind of thing that works between all OLPC laptops. Since I got two laptops from OLPC, I could test out the chat application with my friends and family. I spent a lot of time having silent conversations with the friend sitting across the room, so that was fun. Etoys is another cool application, and it is definitely the program of a genius technologist. Although it is difficult to understand and use, once you get into the swing of things, it’s awesome. To use Etoys you make a “sketch” on the computer, then save it, and that’s where the fun begins. You can write “scripts” that make the sketch move around the screen in the way that you want. You can put it in “books” that have multiple pages for a flip book or make animations with it (ie. a bouncing ball, flying bird, eating kid, etc.). In Turtle Art, you get a chance to write a simple program that makes the turtle in the middle of the screen move. It’s very cool.

Last review, I said that my main problem with the computer was its slow speed and its battery charge. And I am happy to say that both of those problems have been fixed in the new version. It has more applications, higher quality camera, more games, a few design changes for the better, and much more. I tested how long it would stay alive by opening it and leaving it open. Surprisingly, it stayed awake for more than four hours! And some other testing revealed that the B4 does, in fact, auto save your documents and stuff if it runs out of battery while an unsaved document is on it. I like that feature, because there were many times with the B2 that I was typing and it just died, leaving me rather stunned for a couple seconds until I came to my senses and wearily plugged it in. Then it would take hours to charge up again. But in the B4, it charges up really quickly. Another minor turn for the better is the plug. Now they are greener, more round, easier to hold, and they have the XO sign on them.

I thought that this version was way better than the last one. It was just easier to figure out, more fun to spend time on, just better. It’s going to be hard to send it back to OLPC, but I’m going to have to. It’s great that they’re going to start selling them to the public. (You have to buy two, and you send one to a needy kid in a third world country and keep one for yourself. Read about it in the New York Times… …) I hope I can get one!

For a regular laptop, this would be the paragraph about its problems, its deficiencies. But the thing is, there aren’t any problems with this computer! Congratulations, OLPC. You’ve done it. Or will you come out with yet better laptops? Is that even possible? We’ll have to see…

avatar

OLPC Review Followup

Last week’s review of the One Laptop Per Child (OLPC) machine by twelve-year-old “SG” was one of our most-commented-upon posts ever. Today I want to follow up on a few items.

First, the machine I got for SG was the B2 (Beta 2) version of the OLPC system, which is not the latest. Folks from the OLPC project suggest that some of the problems SG found are fixed in the latest version. They have graciously offered to send an up to date OLPC machine for SG to review. SG has agreed to try out the new machine and review it here on Freedom to Tinker.

Second, I was intrigued by the back-and-forth in the comments over SG’s gender. I had originally planned to give SG a pseudonym that revealed SG’s gender, but a colleague suggested that I switch to a gender-neutral pseudonym. Most commenters didn’t seem to assume one gender or the other. A few assumed that SG is a boy, which generated some pushback from others who found that assumption sexist. My favorite comment in this series was from “Chris,” who wrote:

Why are you assuming the review was written by a boy?
At 12 we’re only two years from 8th grade level, the rumored grail (or natural default) of our national publications. SG, you’re clearly capable of writing for most any publication in this country, you go girl! (even if you are a boy)

Third, readers seem to be as impressed as I was by the quality of SG’s writing. Some found it hard to believe that a twelve-year-old could have written the post. But it was indeed SG’s work. I am assured that SG’s parents did not edit the post but only suggested in general terms the addition of a paragraph about what SG did with the machine. I suggested only one minor edit to preserve SG’s anonymity. Otherwise what you read is what SG wrote.

Though sentences like “My expectations for this computer were, I must admit, not very high.” seem unusual for a twelve-year-old, others show a kid’s point of view. One example: “Every time you hit a key, it provides a certain amount of satisfaction of how squishy and effortless it is. I just can’t get over that keyboard.”

SG is welcome to guest blog here in the future. Kids can do a lot, if we let them.

[Update (June 2012): I can reveal now that SG is a girl: my daughter Claire Felten.]

avatar

One Laptop Per Child, Reviewed by 12-Year-Old

[I recently got my hands on one of the One Laptop Per Child machines. I found the perfect person to review the machine. Today's guest blogger, SG, is twelve years old and is the child of a close friend. I lent the laptop to SG and asked SG to write a review, which appears here just as SG wrote it, without any editing. –Ed]

[Update(June 2012): I can reveal now that SG is my daughter, Claire Felten.]

I’ve spent all of my life around computers and laptops. I’m only 12 years old though, so I’m not about to go off and start programming a computer to do my homework for me or anything. My parents use computers a lot, so I know about HTML and mother boards and stuff, but still I’m not exactly what you would call an expert. I just use the computer for essays, surfing the web, etc.

Over the last few days, I spent a lot of time on this laptop. I went on the program for typing documents, took silly pictures with the camera, went on the web, played the matching game, recorded my voice on the music-making application, and longed for someone to join me on the laptop-to-laptop messaging system. Here is what I discovered about the OLPC laptops:

My expectations for this computer were, I must admit, not very high. But it completely took me by surprise. It was cleverly designed, imaginative, straightforward, easy to understand (I was given no instructions on how to use it. It was just, “Here. Figure it out yourself.”), useful and simple, entertaining, dependable, really a “stick to the basics” kind of computer. It’s the perfect laptop for the job. Great for first time users, it sets the mood by offering a bunch of entertaining and easy games and a camera. It also has an application that allows you to type things. The space is a little limited, but the actual thing was great. It doesn’t have one of those impossible-to-read fonts but it was still nice. When the so-so connection allows you to get on, the internet is one of the best features of the whole computer. With a clever and space-saving toolbar, it is compact, well designed, accessible, and fast.

But, unfortunately, the internet is the only fast element of the computer. My main problem with this laptop is how very slow it is. It’s true that I am used to faster computers, but that’s not the problem. It’s just really slow. I had to wait two minutes to get onto one application. That’s just a little longer than I can accept. Also, it got slower and slower and slower the longer I went without rebooting it. I had to reboot it all the time. We’re talking once every two or three hours of use! And one of the most frustrating things about the system was that it gave no warning when it was out of power (as it was often because it lost charge very quickly) but just shut down. It doesn’t matter if you’re working on your autobiography and you had gotten all the way to the day before yesterday and forgotten to save it, it just shuts off and devours the whole thing.

This laptop is definitely designed for harsh conditions. Covered in a green and white hard plastic casing, it is designed not to break if dropped. It has a very nice handle for easy transportation and two antennas in plastic that can be easily put up. Once you open it, you see the screen (pretty high resolution) and my favorite part of the computer: the keyboard. It’s green rubber so that dust and water won’t get in under the keys, and this makes the keyboard an awesome thing to type on. Every time you hit a key, it provides a certain amount of satisfaction of how squishy and effortless it is. I just can’t get over that keyboard. There is also a button that changes the brightness of the screen. The other cool thing is that the screen is on a swiveling base, so you can turn it backwards then close it. This makes the laptop into just a screen with a handle.

All in all, this laptop is great for its price, its job, and its value. It is almost perfect. Just speed it up, give it a little more battery charge hold, and you have yourself the perfect laptop. I’m sure kids around the world will really love, enjoy, and cherish these laptops. They will be so useful. This program is truly amazing.

avatar

Staying Off the Regulatory Radar

I just returned from a tech policy conference. It was off the record so I can’t tell you about what was said. But I can tell you that it got me thinking about what happens when a tech startup appears on policymakers’ radar screens.

Policymakers respond to what they see. Generally they don’t see startups, so startup products can do whatever makes sense from a technical and customer relations standpoint. Startups talk to lawyers, they try to avoid doing anything too risky, but they don’t spend their time trying to please policymakers.

But if a startup has enough success and attracts enough users, policymakers suddenly notice it and everything changes. To give just one example, YouTube is now on the radar screen and is facing takedown requests from national authorites in places like Thailand. (Thai authorities demanded takedown of an unflattering video about their king.) The cost of being on the policy radar screen can be high for online companies that have inherently global reach.

Some companies respond by changing their product strategy or by trying to outsource certain functions to other companies. We might even see the emergence of companies that specialize in coping with policymakers, making money by charging other tech-focused companies for managing certain parts of their technology.

Perhaps this is just another cost of scaling up a service that works well at smaller scale. But I can’t help wondering whether companies will change their behavior to try to stay off the radar screen longer. There’s an old strategy called “stealth mode” where a startup tries to avoid the attention of potential competitors by keeping secret its technology or even its very existence, to emerge in public at a strategically chosen time. I can think of several companies that wish for a new kind of stealth mode, where customers notice a company but policymakers don’t.