A Dark Cloud

If an external party can control when or how you can use a device or decide on what you can or cannot see, or select what programs you can install on it, do you still own it?

Twice in the last two weeks, event appear to have highlighted the potential downside of cloud computing: last week, Amazon had over-reached automatically deleted books that end users had legally purchased from its store, issuing refunds but also obliterating any notes people had taken on those pages. This week, news that 4chan.org, an influential (albeit not safe for work) site was blocked by AT&T, raising potential questions as to whether ISPs have too much control over what we can and cannot see.

The Kindle Incident

For readers who may not know this, Amazon unveiled an interesting electronic reader called the Kindle, allowing people who bought it to legally purchase electronic copies of books. Along the way, Amazon also opened up a program allowing small publishers to publish books directly into their marketplace.

However, it appears that Amazon’s own quality control seemed to fail when it came to establishing ownership of the intellectual property uploaded to its site when two titles by George Orwell, Nineteen Eighty Four and Animal Farm, were uploaded and sold by a rogue bookaneer.

Subsequently discovering that it had sold e-books for which the publisher did not have rights, Amazon issued refunds to its customers and removed the books from the user’s device. Where it gets a little gray in terms of what they did is that, along with the removal of the books, they also removed any annotation users already had made, thus erasing content that was created ON the device if not FOR the device. The New York Times story on the deletion listed the following:

Justin Gawronski, a 17-year-old from the Detroit area, was reading “1984” on his Kindle for a summer assignment and lost all his notes and annotations when the file vanished. “They didn’t just take a book back, they stole my work,” he said.

Beyond the irony of Amazon throwing a book like Nineteen Eighty Four down the memory hole (a large incinerator in that book), Amazon’s action raise troubling questions as to the ability of online providers to remove content they have not created. I leave it to legal scholar to assess whether Amazon could actually be considered to have infringed on the intellectual property rights of people whose annotations were removed along with the books.

Amazon was justified in protecting the copyright holders for the infringing books but where it went wrong is when it over-reached by deleting content that was created by its customers. In that particular case, one could argue that Amazon was responsible for censorship. The company will need to change its systems and policies to ensure that it does not impede the customer’s experience. While it currently has only removed a couple of titles along with annotations, the company should ensure that it keep annotations separate so that any further title removal does not destroy user generated content. An extra nice move would be if the company were to replace the titles with their legal equivalent. The common should also be a lot more thorough in verifying intellectual property claims before offering titles, especially since they control every piece of the delivery chain from the intellectual property holder to the reader.

AT&T and 4chan.org

In a somewhat related incident, AT&T had a recent run-in with one of the most influential (and that does not necessarily mean good) entity on the internet: the 4chan.org community. 4chan is primarily and image and discussion board and word started to spread that AT&T customers had lost accesses to its images over the weekend. After a substantial amount of noise in several online forums, AT&T claimed that it had blocked the site because it was suffering from a denial of service attack from it.

What is interesting here is that AT&T acted without prior notice and blocked a site without providing any information upfront as to the reason for blocking the site. While AT&T stopped blocking the site as the result of a concerted effort by its fans, the founder of 4chan hit the nail on the head when he said (emphasis is mine):

In the end, this wasn’t a sinister act of censorship, but rather a bit of a mistake and a poorly executed, disproportionate response on AT&T’s part. Whoever pulled the trigger on blackholing the site probably didn’t anticipate [nor intend] the consequences of doing so. We’re glad to see this short-lived debacle has prompted renewed interest and debate over net neutrality and internet censorship—two very important issues that don’t get nearly enough attention—so perhaps this was all just a blessing in disguise.

Net Neutrality is the basic idea that any broadband provider should offer access to the internet without any limitations as to what kind of content can be accessed and here we have an example of an ISP selectively blocking a site. While the AT&T example is only the most recent one to come to light, it appears that this is a phenomenon that could become more common as internet service providers decide what kind of content takes too much bandwidth or for other reasons.

In the past, such censorship would have meant that a provider censoring access were to be considered as a publisher. In 1995, with Stratton Oakmont vs. Prodigy, the supreme court of the United States held that online services which were removing content from their online forums could be considered as publishers and therefore held liable for any content they gave users access to. Since then, Lobbyists in the telecom industry have ensured that such decision would no longer be applicable by getting the US Congress to amend the US code and reverse the Supreme Court decision.

The Urge to kill(switch)

About a year ago, a storm arose around rumors that Apple’s iPhone devices were sporting code that could disable applications running on them. The existence of such code, also known as a kill switch, was later confirmed by Steve Jobs:

Jobs confirmed that iPhones routinely check an Apple Web site that could, in theory, trigger the removal of the undesirable software from the devices.

He told the paper that Apple needed the capability in case it inadvertently allowed a malicious program to be distributed to iPhones through the App Store.

Once again, we see here a company with the best of intentions (protecting people from malicious programs) with its finger on a button that could be very scary if misuse. It is worth noting that Apple is not uniquely in this position as Google fessed up to having similar code embedded in Android-based phones:

Google may discover a product that violates the developer distribution agreement … in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion

And while one may think that such devices are limited to high end cell phones catering to a limited community, it appears that such devices are now becoming more common in children computers, cheap laptops, and even cars. And while many will claim that the solution to this is to open up source code, the Mozilla foundation itself has admitted to the appearance of such kill switch in the popular Firefox browser.

So kill switches are there for the best of intentions but how does one define those?

Apple and the App Store

The same kind of issue arises out of the treatment of applications to enter the Apple Application Store. A month doesn’t seem to pass by without another example of a developer seeing Apple remove his/her programs from their store.

The latest example is that of a developer who apparently committed the crime of offering an application that allowed iPhone users to use Google Voice, a Voice over IP program. And apparently, similar applications were subsequently removed from the Apple App Store.

While no official word has been given as to whether the fact that application were potentially representing a threat to the business model of Apple’s exclusive partners in the telecom industry, it doesn’t seem to be too much of a stretch to think so.

Can such intention be considered in the best interest of the end user? or in the best interest of the device manufacturer? And can such intention be changed retroactively, leveraging the presence of an existing kill switch?

Questions about the future?

In a previous entry, I’ve argued that we were moving to an economy where goods tended to be rented rather than bought. Embedded in what I was trying to communicate there was the question around what ownership actually means.

If an external party can control when or how you can use a device or decide on what you can or cannot see, or select what programs you can install on it, are you still owning it?

And while today’s corporate interventions are based on the best of intentions, what about tomorrow’s? or the next day’s? Will those intentions still sync up with yours?

About the Author

Tristan Louis

Writing and working on the internet since 1993, I've launched 6 companies, of which 2 (internet.com and Earthweb) went public and two were sold (Net Quotient and MoveableMedia). My latest, Keepskor provides tools allowing anyone to develop mobile and connected TV games without writing a line of code. This is my personal site and all opinions here are mine.

  • Al

    Ask a PC user about the hit lists in their anti-virus software. They are always isolating and erasing software on Windows computers.

    As well, Microsoft has a part of it’s monthly OS security update search the entire storage drive(s) on every PC and erase programs that are on it’s hit list.

    Now what if either one of these entities erases something a Windows user does not want erased? These erasures happen several times a month for most Windows PC users! It could happen!

    The horror! We must stop this!

    “And while today’s corporate interventions are based on the best of intentions, what about tomorrow’s? or the next day’s? Will those intentions still sync up with yours?”

    I say we stop the Windows anti-virus makers and Microsoft’s security updates right now! If anyone can’t be trusted it’s those bastards.

    Thank God I use a Mac.

  • Brett Glass

    The above is paranoia. Should every ISP publish a press release when it blocks a denial of service attack?

  • http://www.tnl.net/blog/ Tristan Louis

    Brett,

    It is true that a bit of paranoia inspired this post but remember that only the paranoid survives :) I’m not asking for ISPs to publish a press release but maybe something more akin to what the Mozilla foundation does, which is publish a list of the sites that have been blocked (you can find their list here ). This kind of transparency goes a long way towards restoring trust.

  • http://www.tnl.net/blog/ Tristan Louis

    AI,

    It’s an interesting line but even virus scanners alert you and allow end users to decide whether to delete a file or just quarantine it. End of day, the user ought to have the right to make the decision.

    More importantly (and somewhat more worrisome, in my view) is when a company like Amazon goes ahead and deletes NEW content that has been created on a device (as was the case with annotations on the book they deleted). That seems to be stepping over a line…

  • Craig Trader

    Brett …

    Why, yes, yes they should. Or they could just update a blog with the same information. If my ISP chooses to block something, then I want to know — if only so I don’t waste my time trying to reach it. More importantly, I want to know WHY. If you, as an ISP, block data coming from an address because you think its part of a DDOS, then let your customers know — and they’ll appreciate it. Block data from an address because you think its an evil P2P site, then your customers will probably hate you, but at least you’ll be able to point to your TOS agreement and disarm the hate. The current standard ISP policy (leave the customer in the dark and then do retroactive damage control if someone cares) is contemptuous of the customer, and only leads to misunderstandings and bad press.

    At this point you’ll argue that if you tell people what you’re blocking, they’ll work around it somehow, probably by using proxies or TOR or some other technology that’s otherwise proscribed by your TOS. News flash: they will anyway, but attempting to hide what you’re doing will just annoy your legitimate / TOS-abiding customers.