Feed aggregator

IEEE blows it on the Security & Privacy copyright agreement

Freedom to Tinker - Sat, 2012/02/11 - 00:35

Last June, I wrote about the decision at the business meeting of IEEE Security & Privacy to adopt the USENIX copyright policy, wherein authors grant a right for the conference to publish the paper and warrant that they actually wrote it, but otherwise the work in question is unquestionably the property of the authors. As I recall, there were only two dissenting votes in a room that was otherwise unanimously in favor of the motion.

Fast forward to the present. The IEEE Security & Privacy program committee, on which I served, has notified the authors of which papers have been accepted or rejected. Final camera-ready copies will be due soon, but we've got a twist. They've published the new license that authors will be expected to sign. Go read it.

The IEEE's new "experimental delayed-open-access" licensing agreement for IEEE Security & Privacy goes very much against the vote last year of the S&P business meeting, bearing only a superficial resemblance to the USENIX policy we voted to adopt. While both policies give a period of exclusive distribution rights to the conference (12 months for USENIX, 18 months for IEEE), the devil is in the details.

For the IEEE, authors must assign "a temporary joint and undivided ownership right and interest in all copyright rights" to the IEEE, giving the IEEE an exclusive to distribute the paper for 18 months. Thereafter, the license "expires."

Those quotation marks around "expires" are essential, because there's language saying "IEEE shall nonetheless retain the sole and exclusive right to archive the Work in perpetuity" which sounds an awful lot to me like they're saying that the agreement doesn't actually expire at all. It just moves into a second phase. For contrast, USENIX merely retains a non-exclusive right to continue distributing the paper. That's an essential difference.

There are some numbered carve-outs in the IEEE contract that seem to allow you to post your manuscript to your personal web page or institutional library page, but not to arXiv or anything else. (What if arXiv were to offer me a "personal home page service?" Unclear how this license would deal with it.) This restriction appears to apply in both the initial 18 month phase and the "in perpetuity" phase.

My conclusion: authors of papers accepted to IEEE Security & Privacy should flatly refuse to sign this. I don't have a paper of my own that's appearing this year at S&P, but if I did, I'd send them a signed copy of the USENIX agreement. That's what the members agreed upon.

Disclosure: I am currently running for the board of directors of the USENIX Association. That's because I like USENIX. Of all the venues where I publish, USENIX has been the most willing to break with traditional publishing models, and my platform in running for USENIX is to push this even further. Getting ACM and IEEE caught up to USENIX is a separate battle.

United States v. Jones is a Near-Optimal Result

Freedom to Tinker - Mon, 2012/01/23 - 17:57

This morning, the Supreme Court handed down its decision in United States v. Jones, the GPS tracking case, deciding unanimously that the government violated the defendant's Fourth Amendment rights when it installed a wireless GPS tracking device on the undercarriage of his car and used it to monitor his movement's around town for four weeks without a search warrant.

Despite the unanimous result, the court was not unified in its reasoning. Five Justices signed the majority opinion, authored by Justice Scalia, finding that the Fourth Amendment "at bottom . . . assure[s] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted" and thus analyzing the case under "common-law trespassory" principles.

Justice Alito wrote a concurring opinion, signed by Justices Ginsburg, Breyer, and Kagan, faulting the majority for "decid[ing] the case based on 18th-century tort law" and arguing instead that the case should be decided under Katz's "reasonable expectations of privacy" test. Applying Katz, the four concurring Justices would have found that the government violated the Fourth Amendment because "long-term tracking" implicated a reasonable expectation of privacy and thus required a warrant.

Justice Sotomayor, who signed the majority opinion, wrote a separate concurring opinion, but more on that in a second.

I think the Jones court reached the correct result in this case, and I think that the three opinions in this case represent a near-optimal result for those who want the Court to recognize how its present Fourth Amendment jurisprudence does far too little to protect privacy and limit unwarranted government power in light of recent advances in surveillance technology. This might seem counter-intuitive. I predict that many news stories about Jones will pitch it as an epic battle between Scalia's property-centric and Alito's privacy-centric approaches to the Fourth Amendment and quote people expressing regret that Justice Alito didn't instead win the day. I think this would focus on the wrong thing, underplaying how today's three opinions--all of them--represent a significant advance for Constitutional privacy, for several reasons:

1. Justice Alito? Maybe I'm not a savvy court watcher, but I did not see this coming. The fact that Justice Alito wrote such a strong privacy-centric opinion suggests that future Fourth Amendment litigants will see a well-defined path to five votes, especially since it seems like Justice Sotomayor will likely provide the fifth vote in the right future case.

2. Justice Scalia and Thomas showed restraint. The majority opinion goes out of its way to highlight that its focus on property is not meant to foreclose privacy-based analyses in the future. It uses the words "at bottom" and "at a minimum" to hammer home the idea that it is supplementing Katz not replacing it. Maybe Justice Scalia did this to win Justice Sotomayor's vote, but even if so, I am heartened that neither Justice Scalia nor Justice Thomas thought it necessary to write a separate concurrence arguing that Katz's privacy focus should be replaced with a focus only on property rights.

3. Justice Sotomayor does not like the third-party doctrine. It's probably best here just to quote from the opinion:

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U.S., at 742; United States v. Miller, 425 U.S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the "tradeoff" of privacy for convenience "worthwhile," or come to accept this "dimunition of privacy" as "inevitable," post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

Wow. And Amen. Set your stopwatches: the death watch for the third-party doctrine has finally begun.

4. This was the wrong case for a privacy overhaul of the Fourth Amendment. Most importantly, I've had misgivings about using Jones as the vehicle for fixing what is broken with the Fourth Amendment. GPS vehicle tracking comes laden with lots of baggage--practical, jurisprudential and atmospheric--that other actively litigated areas of modern surveillance do not. GPS vehicle tracking happens on public streets, meaning it runs into dozens of Supreme Court pronouncements about assumption of risk and voluntarily disclosure. It faces two prior precedents, Karo and Knotts, that need to be distinguished or possibly overturned. It does not suffer (as far as we know) from a long history of use against innocent people, but instead seems mostly used to track fugitives and drug dealers.

For all of these reasons, even the most privacy-minded Justice is likely to recognize caveats and exceptions in crafting a new rule for GPS tracking. Imagine if Justice Sotomayor had signed Justice Alito's opinion instead of Justice Scalia's. We would've been left with a holding that allowed short-term monitoring but not long-term monitoring, without a precise delineation between the two. We would've been left with the possible new caveat that the rules change when the police investigate "extraordinary offenses," also undefined. These unsatisfying, vague new rules would have had downstream negative effects on lower court opinions analyzing URL or search query monitoring, or cell phone tower monitoring, or packet sniffing.

Better that we have the big "reinventing Katz" debate in a case that isn't so saddled with the confusions of following cars on public streets. I hope the Supreme Court next faces a surveillance technique born purely on the Internet, one in which "classic trespassory search is not involved." If the votes hold from Jones, we might end up with what many legal scholars have urged: a retrenchment or reversal of the third-party doctrine; a Fourth Amendment jurisprudence better tailored to the rise of the Internet; and a better Constitutional balance in this country between privacy and security.

This Week in Copyright - SOPA, Golan, and Megaupload

Freedom to Tinker - Fri, 2012/01/20 - 05:43

It has been an exceptionally busy week for copyright policy. We heard from all three branches of the US Federal Government in one way or another, while the citizens of the Internet flexed their muscles in response.

The most covered story of the week was the battle over SOPA and PIPA -- the twin proposed bills that aimed to cut down on online piracy of copyrighted works by giving the government significant new authority to block access to allegedly infringing web sites. Other authors on this blog have pointed out how the bills show inconsistency in the copyright industry's position on regulating the internet, could threaten free speech in repressive regimes, and may ultimately be found by the courts to violate fundamental constitutional liberties. On Wednesday some of the most popular sites on the web "went dark" or otherwise heightened awareness of the issue, and the surge citizen pleas to Congress caused a surprising reversal of momentum in the House and Senate. [Update: Both PIPA and SOPA have now been shelved.]

Buried in the day's developments was the Judicial branch's copyright contribution. In a highly anticipated decision, the Supreme Court ruled on the case of Golan v. Holder. At issue was the question of whether or not Congress had the right to make a law that moved public domain works into copyright. Opponents of this law claimed that such a move violated not only the First Amendment, but also the purpose of the Copyright Clause -- not to mention and age-old legal principles. The majority did not agree, and in a 6-2 vote it stated that individuals do not have any particular right that guarantees their use of the public domain, so they have no claim if Congress removes materials from it. Justices Breyer and Alito dissented, explaining that the ruling upset the delicate balance that the Founders had struck in affording limited monopoly rights to content creators. Nevertheless, the majority clearly demonstrated that the Judicial branch continues to trend toward greater expansion of copyright protection.

On Thursday, the Executive Branch weighed in. The Department of Justice announced that it had seized the domain name and servers of the popular file-sharing site Megaupload and had indicted several of the site's operators. Although Megaupload claimed to be complying with US copyright law -- in particular the notice-and-takedown provisions of the Digital Millennium Copyright Act -- the feds claimed that the operators knew full well that the majority of the content on the site was infringing. Within minutes of the announcement, hacktivist group Anonymous had launched a denial-of-service attack on the Department of Justice web site, which remained unreachable for hours [Update: days].

Opponents of SOPA and PIPA welcomed the opportunity to reflect on why these developments demonstrated the shortcomings of the proposed bills. Some of them noted that the DoJ's actions were done without any additional authority from harmful new bills, while others observed that such approaches to enforcement are ultimately ineffective -- they observed that it was only a matter of time until Megaupload returned, or the many other file-sharing sites filled their shoes. By Thursday night, all four GOP presidential candidates had come out against SOPA.

It is hard to consolidate all of these developments into a coherent story of where things are headed. However, a few things seem clear. First, the SOPA/PIPA backlash is shows us that the internet can help citizens to rally a truly remarkable effort that penetrates the beltway bubble. Second, internet freedom is a compelling and accessible counter-narrative to copyright maximalism and government policing. Third, the courts continue to favor an approach to copyright that emphasizes property rights of those who have already created works over the free speech rights of those who may rely on those works to create new works. Fourth, the enforcement arms of the government are interested in taking ever-more-extreme measures to take down those accused of infringement, and are committing more taxpayer resources to a problem that continues to grow despite their approach.

But perhaps most significantly, this week shows us that there is just plain turmoil in this area. Policymakers are struggling to find good answers, and sometimes their "solutions" provoke far more criticism than praise.

Who won the Iowa primary – and does it matter from a technical perspective?

Freedom to Tinker - Thu, 2012/01/19 - 23:04

As Americans know, the 2012 presidential season began “officially” with the Iowa caucuses on January 3. I say “officially”, because caucuses are a strange beast that are a creation of political parties, and not government.

Regardless, the Republican results were interesting – out of about 125,000 votes cast, Mitt Romney led by eight votes over Rick Santorum, with other contenders far behind. The “official” results released today show Santorum ahead by 34 votes.

However, it’s not so simple as that.

First, there’s the matter of paper ballots. The good news is that Iowa caucuses, unlike primaries and general elections in some states, are recorded on paper. So in a case like this, there’s paper to turn to, unlike all-electronic systems where the results rely on correct software.

Second, there’s the matter of proper chain of custody. In releasing the updated results, it appears that some of the records from the caucuses cannot be located. It doesn’t matter whether the records are paper or electronic – if the chain of custody is weak (or non-existent!), then the results are at best suspect.

Third, and perhaps most importantly, “the early part of the Presidential Primary series is the only case in American politics that I know of where the preliminary election results may be actually more important than the final certified results.” [Thanks to David Jefferson for this observation.] While this is not a technical issue, it points out that our technical solutions for voting systems must recognize the reality that timely accurate results are important – timely results that are wrong aren’t helpful, and slow results that are right will be ignored.

Finally, it’s critical to realize that caucuses, like primaries in some states, are run by the parties, and not by the election professionals. Perhaps if the caucuses were run by the pros, some of these problems might not have happened.

"Stolen" LinkedIn Profiles and the Misappropriation of Ideas

Freedom to Tinker - Mon, 2012/01/16 - 19:19

The common law tort of "hot news" misappropriation has been dying a slow and justified death. Hot news misappropriation is the legal doctrine on which news outlets like the Associated Press have repeatedly relied over the years to try to prevent third-party dissemination of factual information gathered at the outlets’ expense. Last June, the Second Circuit Court of Appeals dealt a blow to the hot news doctrine when it held that financial firms engaged in producing research reports and recommendations concerning publicly traded securities could not prevent a third party website from publishing news of the recommendations soon after their initial release. The rationale for the court’s decision was that state law claims of hot news misappropriation can only very rarely survive federal preemption by the Copyright Act, which excludes facts from the scope of copyright protection. The rule that facts are not eligible for copyright (called the fact-expression dichotomy) is at the heart of the copyright system and serves the interests of democracy by promoting the unfettered dissemination of important news to the populace. Creative arrangements of facts can be protected under copyright law, but individual facts cannot.

Given the declining fortunes of the hot news doctrine, I was a little surprised to discover a recent case out of Pennsylvania called Eagle v. Morgan, in which the parties are fighting over ownership of a LinkedIn account containing the plaintiff’s profile and her professional connections. The defendant, Eagle’s former employer, asserted a state law counterclaim for misappropriation of ideas. Ideas, as it happens, are—like facts—excluded from the scope of federal copyright protection for a compelling policy reason: If we permit the monopolization of ideas themselves, we will stifle the communal intellectual progress that intellectual property laws exist to promote. Copyright law thus protects only the expression of ideas, not ideas themselves. (This principle is known as the idea-expression dichotomy.) Accordingly, section 102(b) of the Copyright Act denies copyright protection “to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied.” The statute really could not be clearer.

In its opinion denying Eagle’s motion for judgment on the pleadings, the trial court did not consider whether the state law tort of misappropriation of ideas is federally preempted by the Copyright Act, which seems to me to be a really important legal question. The court explained that a claim for misappropriation of an idea in Pennsylvania has two elements: “(1) the plaintiff had an idea that was novel and concrete and (2) the idea was misappropriated by the defendant.” To determine whether a misappropriation has occurred, the court further explained, Pennsylvania law requires consideration of three factors:

(1) the plaintiff “has made substantial investment of time, effort, and money into creating the thing misappropriated such that the court can characterize the ‘thing’ as a kind of property right,” (2) the defendant “has appropriated the ‘thing’ at little or no cost such that the court can characterize the defendant’s actions as ‘reaping where it has not sown,’” and (3) the defendant “has injured the plaintiff by the misappropriation.”

Setting aside the oddity of classifying digital information as a “thing,” the first of these factors collides head on with the Supreme Court’s clear repudiation in Feist Publications v. Rural Telephone Service of the “sweat of the brow” theory of intellectual property.

In Feist, the Court held that “sweat of the brow” as a justification for propertizing information “eschew[s] the most fundamental axiom of copyright law—that no one may copyright facts or ideas.” Given copyright law’s express prohibition on the propertization of ideas, there is a strong case to be made that state law claims for misappropriation of ideas are in direct conflict with both the letter and spirit of the federal copyright scheme. On that basis, they are akin to claims of hot news misappropriation, and they should likewise be treated as preempted.

Brazil is the only BRIC country standing ground on Internet Freedom. Here is why.

Freedom to Tinker - Fri, 2012/01/13 - 15:56

A few weeks ago, the New York Times published a piece covering a new report launched by OECD calling member-countries to “promote and protect the global free flow of information”. The article lists three BRIC-members, China, India and Russia, as examples of countries taking actions harmful to online freedom. One BRIC member is missing from the list: Brazil. Despite hiccups, Brazil has been taking a strong position for protecting freedom and other civil rights online. Why is that?

One reason is that Brazil is a rather young democracy. From 1964 to 1985 the country was governed by a military regime, which imposed strict censorship rules. Major artists, newspapers, and tv networks had to submit their activities to prior approval by a censorship board. When democracy was reestablished in 1986, censorship was eliminated, but the trauma of 20 years of repression had been painfully imprinted in the Brazilian society. This trauma has made Brazil very sensitive to new threats of censorship, in its many forms.

Another landmark was a decision taken by the country's Supreme Court in 2009. The court struck down the Press Law, adopted in 1967 by the military government (the same law that had established censorship). When the country was re-democratized, the censorship articles were revoked. Nonetheless, other parts regulating libel, defamation and the “right of reply” survived. The court decided to strike everything down (in spite of a heated debate claiming that the remaining articles were reasonable), stating the law was incompatible with the freedom of expression clause of the Brazilian constitution.

Another factor is that president Dilma Rousseff has been taking a public stance in favor of freedom of expression. It makes sense. In the 1960s, she was imprisoned and tortured during the military regime for participating in a dissident group. Unswervingly, she declared at a recent human rights conference that she “prefers the noise of the press to the silence of the dictatorship”.

Moreover, Brazil has a vigorous civil society, which emerged especially with the country’s new democratic constitution in 1988. Many civil society organizations are concerned with online freedom issues, including consumer associations, artists groups, newspapers and journalists associations, NGOs for education, free and open source software organizations, the academia, lawyers and judges associations, to name a few. Their claims have been taken into account by the political system. Government and Congress in Brazil remain permeable to the civil society. Even if lobbying and special interests do exist and exercise strong influence, it is rather difficult for politicians to save face for policies flagrantly against the public interest.

The strength of civil society reinforced Brazil’s commitment to internet freedom and also led to concrete policy-making. One example is the Marco Civil ("Civil Rights Framework for the Internet”), a draft bill seeking to protect civil rights online, such as freedom of expression and privacy, and to create balanced rules for the liability of internet intermediaries.

The bill is the result of a two-year online debate open to the public at-large. The process was put together by the Ministry of Justice and the Center for Technology & Society, a research center in Rio de Janeiro (full disclosure – I am the director of the Center for Technology & Society, and was involved in the Marco Civil process). The bill was sent to Congress by the Federal government in 2011, with co-sponsorship of five Ministries. Marco Civil has become a well-known issue in the Brazilian public sphere, and it has gathered strong public support. Approval is expected sometime in 2012.

Internationally, some view Marco Civil as an alternative approach to SOPA (Stop Online Piracy Act), the bill currently in discussion in Congress in the US, under strong criticism. While SOPA tilts the balance of the law in the direction of expedite enforcement, by-passing the judiciary in favor of a private notice-and-takedown system, Marco Civil supports a more balanced approach. It seeks to translate the principles established by the Brazilian Constitution into online practices, paying especial attention to due process, freedom of expression, and the protection of an environment favorable to innovation. Because of that, some also view Marco Civil as a counterpoint to ACTA, the controversial Anti-Counterfeiting Trade Agreement, criticized for potentially harming fundamental rights.

Of course the situation in Brazil is not all roses. The Brazilian Ministry of Culture has changed its policies in the beginning of 2011. Under the guidance of the new Minister Ana de Hollanda (claimed to have close ties to the controversial copyright collecting society in Brazil - ECAD - which is currently under investigation for fraud by by a special Congressional Inquiry Commission) has been trying to introduce legislation in Congress for creating a private systems for removing online content, inspired in part by the DMCA. This effort and other actions of the Ministry have raised vast waves of criticism, both by civil society and also by many sectors in the government´s party.

These hiccups, nevertheless, do not change the fact that, for now, Brazil seems to be committed to protect internet freedom against all odds. That is a good way of taking the recommendation of the OECD seriously, and also of setting a good example for the BRIC colleagues.

RECAP Featured in XRDS Magazine

Freedom to Tinker - Wed, 2012/01/11 - 00:02

Harlan Yu and I recently wrote an article for XRDS Magazine entitled Using Software to Liberate U.S. Case Law. The article describes the motivation behind the CITP project called RECAP, and it outlines the state of public access to electronic court records.

Using PACER is the only way for citizens to obtain electronic records from the Courts. Ideally, the Courts would publish all of their records online, in bulk, in order to allow any private party to index and re-host all of the documents, or to build new innovative services on top of the data. But while this would be relatively cheap for the Courts to do, they haven't done so, instead choosing to limit "open" access.

[...]

Since the first release, RECAP has gained thousands of users, and the central repository contains more than 2.3 million documents across 400,000 federal cases. If you were to purchase these documents from scratch from PACER, it would cost you nearly $1.5 million. And while our collection still pales in comparison to the 500 million documents purportedly in the PACER system, it contains many of the most-frequently accessed documents the public is searching for.

[...]

As with many issues, it all comes down to money. In the E-Government Act of 2002, Congress authorized the Courts to prescribe reasonable fees for PACER access, but "only to the extent necessary" to provide the service. They sought to approve a fee structure "in which this information is freely available to the greatest extent possible".

However, the Courts' current fee structure collects significantly more funds from users than the actual cost of running the PACER system.

You can read the full article on the XRDS site.

Applications and Appliances: A Conversation with Jonathan Zittrain

Freedom to Tinker - Mon, 2012/01/09 - 21:39

Professor Jonathan Zittrain is well-known for his concern that the general-purpose computer may be disappearing. The recent rise of app stores is putting his fears in a new light. After trading some thoughts about the issues in the blogosphere, he and I sat down at our respective keyboards for a conversation about the future of computing. This is a lightly edited version of our exchange.

JG: I suppose the place to start is with your concern about “appliances”: single-purpose devices like the TiVo. What’s wrong with boxes that do one thing and do it well?

JZ: Nothing’s inherently wrong with single-purpose devices. The worry comes when we lose the general-purpose devices formerly known as the PC and replace it with single-purpose devices and “curated” general-purpose devices.

JG: In the last few years, the appliance has taken on a new face, thanks to downloadable apps. An appliance with an app store is no longer just a single-purpose device: it can do all kinds of things. But that, you’ve argued, doesn’t really fix the fundamental problem.

JZ: It may look like the best of both worlds, but I worry it’s the worst of both worlds.

JG: I wanted to focus on your critique of the Mac App Store. This one is interesting because it sells programs that run, not on a closed device like the iPhone but on a traditional, general-purpose computer. The day that Apple activated the Mac App Store, it didn’t reduce the Mac’s generativity one iota. Every Mac in the world was just as capable of doing everything it used to be able to do, just as easily. All Apple added was a new way to install programs: so they made the Mac even easier to use, without reducing its power. But you’re skeptical. Why?

JZ: Let’s see how much of an advantage a developer sees from having an app in the App Store vs. “sideloaded,” even on a Mac OS that doesn’t require jailbreaking for sideloading. To the extent that users are looking to the App Store for their wares, it’s a de facto limit on generativity even if not a literal one. But I agree that the real worry is if Mac OS should become routinely configured not to allow sideloading at all.

JG: So let’s take up some of the countervailing arguments. One that’s high on a lot of people’s lists is the idea that an app store is more secure because it’s more tightly controlled. And of coure, security is the major reasons you cite in your book The Future of the Internet for why computer makers and users may be tempted to turn their back on open, generative systems. What do you think the Mac App Store does for security, if anything?

JZ: As a security measure, I give the Mac App Store three out of five stars. That’s because the software it is likely to turn away is more gray market sludge ­ sloppily written or poorly documented ­ than outright badware. There’s nothing to stop a software developer from registering under a cat’s paw, especially to offer a free app, and then build a bomb into the app .­ It could appear exemplary while Apple tests it and users then use it, until a designated H-hour at which point all bets are off.

JG: I might not be so quick to dismiss the security benefits. We know that Apple does run static analysis tools against iOS App Store submissions. And then there’s sandboxing. Regular programs have substantially free run of the computer, but Mac App Store programs are severely restricted in what they can see and do. It’s as if they’re playing safely with soft rubber toys in a glass-encased sandbox: your solitaire game isn’t going to suddenly overwrite your spreadsheets. Doesn’t that have some significant security benefits?

JZ: Sandboxing can prevent some damage from an app bound and determined to wreak havoc, but sandboxing is a phenomenon independent of the App Store: Mac OS could implement it with or without Apple screening the software up front.

JG: True. But sandboxing and Apple’s code review go together. The code review ensures that programs are placed in the smallest appropriate sandbox for their needs. Apple will only let the application have permissions if really needs them to do its job: there’s no reason for a stock ticker to save files to arbitrary places. Without the up-front review, how many developers would voluntarily agree to play only in the sandbox?

JZ: The real question at the intersection of security and freedom is whether the user has an opportunity to choose to override the sandbox’s boundaries. If the user can’t do it, then a bunch of functionality is foreclosed unless Apple chooses to allow it ­ and Apple can be fooled as easily as anyone else by a truly bad actor. If the user can do it, there’s no particular need for the App Store.

JG: This is a question about routine practice and interface design. If I rarely need to override the sandbox’s limits, then when an app comes to me and asks for additional privileges, my eyebrows are more likely to go up.

JZ: Don’t forget that Apple reserves the right not only to prevent software distributions up front, but also retroactively: software can be removed from machines that have already downloaded it. Perhaps helpful in some limited cases of security troubles, but all the more troublesome as regulators realize that cats can be put back into bags.

JG: Well, if we’re thinking about retroactive nuking, Apple has shown that it can uninstall even user-installed programs. After the Mac Defender malware started tricking Mac users into installing it, Apple came out with an operating system update that uninstalled it. Yes, Apple gave users a dialog box with a choice, but technologically, there’s no reason it had to. Do you see a difference between this and the Mac App Store?

JZ: Only in how this evolves our conception of code and who “owns” it: if the app lives in the cloud, our expectations are that it’s a service, and a service can change from day to day. If it’s on our own machines we feel like we own it, and look skeptically — and vendors tread carefully — over attempts to modify it without clearing it with us first.

JG: How much of this is about the fact that this is Apple’s app store we’re talking about? Do you feel differently about app stores that aren’t offered by the same company that controls the hardware and the operating system? So take something like Valve’s highly successful Steam, which is basically an app store for games. It runs on both Windows and Mac, and it handles all of the payment and DRM for the game developers.

JZ: I worry less if there’s not vertical integration, but there’s still a concern if, through natural monopoly, we end up with a single gatekeeper or a mere handful of them. Hence Facebook’s platform as a worry, despite (or because of!) it being not tied to any one OS or browser.

JG: I’d like to bring in an idea from your book: “Red” and “Green” PCs. Your computer would have two “virtual machines,” which couldn’t easily affect each other. The Green one would be for important data and would only run software you were confident in; the Red one would be easy to reset back to a safe point.

JZ: Well, as I say in the book:

“Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably.”

JG: I read that and thought it sounded like a good idea. And it was pretty much the first thing I thought of when Apple announced the Mac App Store. Everything you install manually is like the Red PC; everything you install from the Mac App Store is like the Green PC. You have a safe mode for greater security, and an unsafe mode for greater generativity. Since you’re a fan of the Red/Green hybrid between open and closed, why not the Mac App Store hybrid?

JZ: The Red PC isn’t the same as a sandbox. Software developers in a Red/Green environment still only write one piece of code, and it doesn’t have to be otherwise vetted. The whole point of the red zone is to contain any bad effects of iffy code. The point of a sandbox is to mitigate the risks of iffy code, by limiting its functionality outright. This is a subtle but important point. The Mac App Store with a sandbox requirement means that a competent, legitimate developer who wants to do things beyond the sandbox either has to plead a special case or write two versions of the code: one for the Store and one not for the Store.

JG: Can’t this argument be turned back against the Red/Green model? The competent, legitimate developer who wants to write code that indexes and optimally compresses your Word documents needs to plead a special case to whoever controls the green certification. She doesn’t even have the choice to write both red and green versions of her code.

JZ: My conception of the green model is not that it’s guarded by a third party, but that the user gets to place iffy apps into a place where, if they blow up, stuff in the green zone doesn’t get hurt.

JG: I keep coming back to the fact that participation in the Mac App Store is voluntary. And this isn’t just voluntary in the sense that participation in the iOS App Store is “voluntary” because no one held a gun to your head and forced you to write iPhone games. You have no good alternative to the iOS App Store if you want your app to run on an iPhone, but you can perfectly easily write, sell, and distribute software that users install on Macs in the time-honored fashion: clicking on an installer or dragging an icon into the Applications folder. How can adding the Mac App Store as an additional option be a net loss?

JZ: Well, that’s the question. If sideloading is trivial, I’m in your corner. But one wonders why any developer would take the 30% hit in profits to distribute through the App Store if he or she could put it on a Web site and sell it through sideloading. (And, when did the front become the side?!)

JG: Is this really a case against truly voluntary app stores? Put another way, should we be digging in to prevent Apple from offering the Mac App Store, or should we be digging in to prevent Apple from turning off the ability to install programs manually?

JZ: I see it more as a spectrum than a dichotomy. Compare the Mac App Store with a program that provided an Apple Good Housekeeping seal for good code. They’re functionally the same, but wildly different in practice thanks to the power of the default.

Jonathan Zittrain is a Professor of Law at Harvard Law School and the author of The Future of the Internet: And How to Stop It

James Grimmelmann is an Associate Professor at New York Law School.

Bill C-32: Fair Dealing Finally Modernized--With a Catch

Online Rights Canada - Mon, 2010/06/07 - 15:59

Bill C-32, the government’s latest attempt at reforming copyright laws, brings Canadians a Jekyll and Hyde. On a positive note, the bill demonstrates that Parliamentarians were listening to Canadians during the Copyright Consultations last year. It legalizes fair parody and satire, and clarifies that educational use of content can qualify as fair dealing. It also legalizes format shifting and time shifting, recognizing that Canadians want be able to legally put music on their computers and iPods, and record content using VCR's and PVR's.

Unfortunately, this fair balance does not permeate through to Bill C-32's legal protection of digital locks. Here, the bill caters to U.S. demands rather than the views of Canadians. The bill allows distributors to restrict access to content, skirting around the balance that is struck by fair dealing provisions. Reporters won't be able to fairly use locked content in news stories, filmmakers won't be able to insert protected clips in documentaries, and whistleblowers seeking justice will not be able to release encrypted documents.

Want the bill improved?

Syndicate content