I don’t mind sterile technologies in principle — I like the idea of taking the rough-hewn innovations that spring from the Internet and packaging them into cleaner, more reliable forms.  I love my TiVo.  (Indeed, that used to be the first sentence of the book. Then I went with the iPhone.) I even appreciate that sterile technologies can come about without having to emulate the products of generative ones — not every toaster comes from nerds experimenting with heating elements.

My worry, though, is that we’ll lose a sense of equilibrium between the generative and sterile spheres, and that the emergence of contingently generative technologies — platforms that are open to third party innovation at first, but then close off selectively — will squeeze out fully generative technologies, to the detriment of innovation and enhancement of exquisite regulatory control. This is in part because the amateur nerds that drive innovation here rarely read the fine print; teenagers will code for the Facebook, iPhone and Google platforms without thinking about the ways in which their advances can be eliminated or proprietized.

Adam’s point of view is sympathetic to markets and skeptical of government intervention. He rightly asks why the market doesn’t just solve this. For that, I point to my reply to similar questions raised to parts of FOI that have been excerpted in the Boston Review:

Will the market solve this problem? Generative technologies allow consumers to become participants: to change technologies for themselves or to adopt improvements offered by others not operating through the usual mechanisms of the firm. Whether this is a market force depends on how broadly we define the term. Is any voluntary behavior endogenous to a market? Or are only those choices that have to do with purchases? If a group of people coalesces in Central Park for a game of Ultimate Frisbee, is the market for Ultimate working its magic? The question is important because often we rely too readily on the solutions proposed by firms and government. If there’s litter in a public space, the government should fine violators and clean it up, or pay a firm to do so. But the amount of litter in a park may depend not so much on the rules against it or the schedule for cleaning, but rather on the habits and normative commitments of the people who use it.

The solutions to the generative dilemma that I find most interesting are ones that don’t assume a zero-sum tradeoff between generativity and security. If we narrow ourselves to firms offering some devices that are generative but quickly compromised, and others that are sterile or contingently generative, but incapable of generating whimsical change, the market will no doubt achieve equilibrium somewhere along the axis. Bruce Owen figures that demand will create supply and the optimal point will be achieved. But Owen’s faith in the market ignores the role that a civic instinct can play if people take shared responsibility for their own and others’ security. To do so, they will need certain tools. But those tools may not be money makers, thus the market may not produce them. If the reply is “well, yes, but someone named Jimbo was moved to produce Wikipedia, and his charity is part of the market,” then the market is circularly defined as every possible action by someone. We can contribute more to our shared public life than what results indirectly through our buying or voting.

Moreover, the market may have trouble pricing the benefits of generative platforms. Behavioral economics is beginning to confirm the conventional wisdom that people do not plan very well. This is true in the PC market where people making platform investment decisions rarely weigh the unknown as part of their thought processes. They buy the PC for email or Web surfing, and only later find that it can be used for Internet telephony. And often the platform’s buyer is not the same as the user. Much of the revolution in PC software has taken place through user adventurousness on office computers acquired by companies for other reasons. What the economists might call an “agency gap” has produced great things. The true value of generative technologies is too easily dismissed when portrayed, á la Owen, as “the extent to which end-users and their communicants may indulge the whim to customize these tools.” What’s at stake is not just setting wallpaper style on your iPhone, but the very Net generativity that has facilitated entire new markets and social relationships.

Looking back, the market produced some sterile, competing consumer networks—CompuServe, the Source, and the like. Non-market forces led production on another course—the Internet. To be sure, the Internet’s reach was greatly extended through its later commercialization, but had the Internet’s architecture been obvious enough for the market to discover it, no modest government subsidies would have been needed. Sperry Rand, IBM, and Prodigy would have easily outpaced academics in producing the technologies underlying the dot-com boom. They did not.

I imagine Adam might agree with me on not reaching too quickly to government for solutions — the question is whether some of the cooperative solutions (rather than regulatory interventions) I suggest have any traction for a market-oriented thinker.

Update: lessig08.org is live:

I have decided I want to give as much energy as I can to the Change Congress movement. I will decide in the next week or so whether it makes sense to advance that movement by running for Congress.

Much more detail there, including this:

A Cayman Island bank and its Swiss parent company filed for an emergency restraining order in a California court asking the registrar for wikileaks.org to change its entry in the .org registry so that people can no longer get to the corresponding IP address for Wikileaks.  It worked: trying to visit wikileaks.org results in a page not found, even though the server that is its destination is presumably still up and running.

The details are still coming in, and there’s a very lucid summary by my colleagues at the Citizen Media Law Project. The initial injunction was not even fashioned as a temporary restraining order, which is puzzling since no one from Wikileaks was even there to argue its case. (It also seems to order anyone who reads the order not to leak to any of the documents — I wonder if my telling you that means you already are as good as bound by the court, at least if you’re in California.) An amended injunction has already been filed, and a fuller hearing will be held soon.

In the meantime, the other Wikileaks sites remain up with the documents and with everything else.

This update fixes a vulnerability that an attacker can use to overwrite the contents of your computer’s memory with malicious code. This update also contains an improvement that enhances the stability of Entourage.

So … routine. It does not bode well that years after the release of a major piece of software from a competent vendor there are still vulnerabilities that are as casually breathtaking as these. (A nice cherry on the sundae that Entourage’s stability is improved, too…)

When Jane installs a Facebook application, the application is given the ability to see anything that Jane can see. This means that the application can request information about Jane, her friends, and her fellow network members. The owner of the application is free to collect, look at, and potentially misuse this information. The Facebook Terms of Use agreement tells application developers not to do this, but Facebook has no way of finding out or stopping them.

This is true — the point of enabling Facebook apps is so outsiders can write new code to make use of the data within one’s Facebook profile. A similar leap of faith is required anytime someone runs a new piece of software on Windows, Linux, or a Mac: generally that software will have the keys to the user’s kingdom, able to access any and all data on the hard drive (or beyond, if the user has access to network shares), and to ship it off anywhere. (Much software now has auto-update and other Net communications capability independent of whatever it’s supposed to do.) Felt did some tallying of apps and found that many of them don’t really need that access.  For example, a Facebook app that lets you send a New Year’s greeting to all your friends (and announce as much in your newsfeed and theirs) doesn’t need to know your birthday. Felt and a co-author calculate a percentage of apps that get more access than they need; this is probably an uninformative number, because the universe of applications is now arbitrarily big, and it can’t easily take into account the popularity of each app. But suffice it to say that plenty of apps that people install can, if the app authors wanted, access one’s private data at any time. Felt points out that the data could then be extracted and sent to marketers or worse. Facebook policies make developers promise not to do such things, and Facebook technology has a few restrictions on what the apps can see — they can’t see users’ email addresses, for example — but the promise alone could, it is true, be ignored.

So — is this problem any different from the potential abuse that can come from installing any desktop app?  Perhaps in two ways. First, a Facebook app might be thought to have access to more sensitive data than available on one’s machine — birthday, religion, etc., are offered up for the plucking in a way that they are not on one’s hard drive. On the other hand, there are surely much more sensitive documents on a hard drive, and that someone would enter data into Facebook at all suggests a threshhold willingness to share that isn’t present with the data accessible to a desktop app.

But there is another difference at work: partly because of technology and partly because of historical inertia, Facebook can more obviously be asked to play a gatekeeper role with its apps than an OS maker can with its desktop apps. Felt’s solution to the problem she identifies is to have Facebook run interference — serve as a proxy — between most apps and the data they presumably don’t really need. The app can say to Facebook, “Display the user’s birthday in the upper right corner of the screen,” without having to know the user’s birthday. Only in a few instances, they say, must an app really access the data in order to work.

For apps that do need that data, Felt suggests that the user could be prompted. This takes advantage of the fact that unlike the information on a hard drive, data on Facebook is already nicely organized — one’s birthday is placed into the “birthday” field, and can be pre-labeled as sensitive. This is an interesting and measured solution, but it carries a cost. First, as Facebook and its apps — still brand new! — evolve, much of the data of interest to people and the apps they install may not be located in such readily-defined fields. How to treat that without an excess of prompts to the user? Second, this puts Facebook increasingly in the position of gatekeeper, a position that Facebook itself may not even want to be in. The more it must take responsibility for the apps running on its system, the more it will be tempted — or pressured — to confine the possible abuses of those apps. The hurdles that are erected to prevent abuse can too often prevent good experimentation, too.

Social networks are rightly recognized as powerful, even transformative. The ability for unaccredited third parties to write apps that users can run to access their data and do cool things with it further leverages their power. The wild card of the platform makers’ power over those apps creates a range of options simply not available to the OS makers that preceded Web 2.0, and being put out of business by it.

Filters can be put in the applications for example. You know, one could have a filter on the end user’s computer that would actually eliminate any benefit from…encryption because if you want to hear it, you’d have to decrypt it, and at that point the filter could work.

Filtering at the network may seem more thorough, since it can block everyone at once from the filtered stuff. But so long as there are generative — user-reprogrammable — endpoint boxes, network filtering is vulnerable to the cat-and-mouse game of circumvention. Especially if the entity implementing the network block is only doing so sullenly, under pressure — as is essentially the case when intermediaries like ISPs or search engines are pushed to block content — network filtering can be simultaneously crude (and therefore overbroad) and leaky (and therefore ineffective).

Filters placed at or near the endpoint device — in the user’s box itself, or in the cable modem that mediates access to the larger network — can be much more refined. They do not contravene the “end-to-end argument” that has many network engineers leery about “smarts,” including filtering, placed within the network cloud or built into its fundamental protocols. And, if the box itself can be bolted down, they do not suffer the same cat-and-mouse problem as network filtering does. That’s one reason why the RIAA’s Sherman perceives that anti-virus software could be a vector for control over unauthorized copying: security software already has to be largely bolted down to prevent users from mistakenly disabling it and allowing in a virus, or to prevent a malicious script that imitates the user from shutting it down. Moreover, in many environments — corporate, library, educational, cyber cafe — the PC is already bolted down against installation of new software, in order to keep it from immediate compromise by a malicious or clueless user. So it’s not an unthinkable move from there to pressure the intermediaries of those environments to include such filtering.

Whether you’re for or against technical means to prevent unauthorized copying, our evolution away from generative endpoint boxes and towards “sterile” appliances like iPhones — highly useful devices that cannot be changed by their users, but that can be updated instantly by their vendors — is reworking the equation of what can be done to monitor and affect people’s online behavior.

TiVo introduced the first digital video recorder (DVR) in 1998. It allowed  consumers to record and time-shift TV shows. After withstanding several claims that the TiVo DVR infringed other companies’ patents because it offered its users on-screen programming guides, the hunted became the  hunter. In 2004, TiVo sued satellite TV distributor EchoStar for infringing TiVo’s own patents6 by building DVR functionality into some of EchoStar’s  dish systems.

A Texas jury found for TiVo. TiVo was awarded $90 million in damages and interest. In briefs filed under seal, TiVo apparently asked for more. In August 2006, the court issued the following ruling:

Defendants are hereby . . . to, within thirty (30) days of the issuance of  this order, disable the DVR functionality (i.e., disable all storage to and playback from a hard disk drive of television data) in all but 192,708 units of the Infringing Products that have been placed with an end user or subscriber.

That is, the court ordered EchoStar to kill the DVR functionality in products already owned by “end users”: millions of boxes which were already sitting in living rooms around the world with owners who might be using them at that very instant. Imagine sitting down to watch television on an EchoStar box,  and instead finding that all your recorded shows had been zapped, along with the DVR functionality itself—killed by remote signal traceable to the stroke of a judge’s quill in Marshall, Texas.

With EchoStar’s lost appeal, that moment is now closer.

Such remote remedies are not wholly unprecedented. In 2001, a U.S. federal court heard a claim from a company called PlayMedia that AOL had included PlayMedia’s AMP MP3 playback software in version 6.0 of AOL’s software in violation of a settlement agreement between PlayMedia and a company that AOL had acquired. The court agreed with PlayMedia and ordered AOL to prevent “any user of the AOL service from completing an online ‘session’ . . . without AMP being removed from the user’s copy of AOL 6.0 by means of an AOL online ‘live update.’”

TiVo v. EchoStar and PlayMedia v. AOL broach the strange and troubling issues  that arise from the curious technological hybrids that increasingly populate the digital world. These hybrids mate the simplicity and reliability of television- like appliances with the privileged power of the vendor to reprogram those appliances over a network. 

We’ll be seeing more and more of these cases crop up.  As our information appliances become exclusively tethered to their makers, the feature (for the maker, and sometimes the user) of being able to update it instantly also become the bug (for the maker, and usually the user) of being ordered to update it instantly. Randy Picker has written a terrific paper arguing that such tethering is a good thing — and that regulators should act to force manufacturers to tether their devices to they be updated later to conform to new or changing legal standards. I think he’s wrong, and in the book try to articulate what’s wrong with his position. His is the presumption to rebut, since actions like demanding the frying of a patent-infringing DVR are completely consonant with the law as it is today — it’s just that there hasn’t been that ability before.

The judicial logic for such an order is drawn from fundamental contraband rules: under certain circumstances, if an article infringes on intellectual prop- erty rights, it can be impounded and destroyed. Impoundment remedies are  usually encountered only in the form of Prohibition-era-style raids on warehouses and distribution centers, which seize large amounts of contraband before it is sold to consumers. There are no house-to-house raids to, say, seizebootleg concert recordings or reclaim knockoff Rolexes and Louis Vuitton  handbags from the people who purchased the goods.

TiVo saw a new opportunity in its patent case, recognizing that EchoStar’s dish system is one of an increasing number of modern tethered appliances. The system periodically phones home to EchoStar, asking for updated programming for its internal software. This tethered functionality also means Echo-  Star can remotely destroy the units. To do so requires EchoStar only to load its central server with an update that kills EchoStar DVRs when they check in for new features.

From what I can tell, the stay pending appeal is now dissolved — which would mean that the 30-day clock is ticking towards hundreds of thousands of fried EchoStar boxes in people’s homes.

Bonus points for those who can figure out or guess why the order excludes 192,708 units from the kill order!

Update: EchoStar is suggesting that they’ve remotely updated their units to be “next generation.” Perhaps this means they think they’ve invented around the patent — in which case they could claim that the order to fry the boxes no longer makes sense. But the order was pretty clear, and it seems to me that more arguments would be needed in front of the judge to get the order lifted. No word yet on whether TiVo is pushing for the order to be executed.

The response to the claim that there’s a real problem here is sometimes that it’s Microsoft’s fault. For example, I endured benefited from a drubbing set of comments along these lines on Groklaw on the paper I wrote first discussing the issue.

But the fact is that (1) Macs have their own security vulnerabilities; (2) interoperability creates avenues for infection that can cross platforms; and (3) the core problem is that generative platforms — where people can choose what code to run — are all vulnerable to people being tricked into running the wrong code. For example, now there’s a fake codec floating around targeting Mac users. Being only 5% of the installed base can only go so far to help one avoid the baleful attention of malware authors!

Thus our efforts at StopBadware …